The IP address (DE/Germany/) was found attacking mod_security on sun.rightdns.com 10 times in the last 3600 seconds.

 

Attached is an X-ARF report (see http://www.x-arf.org/specification.html) and the original log report that triggered this block.

 

Abuse Contact for 178.162: [abuse@de.leaseweb.com]

 

The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out derives from the RIR databases and is processed for ease of use. If you want to change or report non-working abuse contacts, please contact the appropriate RIR. If you have any further questions, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

https://abusix.com/global-reporting/abuse-contact-db

 

abusix.com is neither responsible nor liable for the content or accuracy of this message.



[Sun May 14 08:52:53.260483 2017] [:error] [pid 59713:tid 140102082668288] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJUg02ugAAOlBMEAAAABW"]
[Sun May 14 08:52:54.522113 2017] [:error] [pid 59460:tid 140102114137856] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJkg02ugAAOhE0zwAAAAT"]
[Sun May 14 08:52:55.788939 2017] [:error] [pid 59713:tid 140102061688576] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJ0g02ugAAOlBMFsAAABY"]
[Sun May 14 08:52:57.041334 2017] [:error] [pid 59713:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTKUg02ugAAOlBMGMAAABL"]
[Sun May 14 08:54:27.188427 2017] [:error] [pid 59713:tid 140102145607424] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMi4AAABQ"]
[Sun May 14 08:54:27.615011 2017] [:error] [pid 59713:tid 140102390085376] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjMAAABA"]
[Sun May 14 08:54:27.986829 2017] [:error] [pid 59713:tid 140102260995840] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjYAAABF"]
[Sun May 14 08:54:28.390638 2017] [:error] [pid 59713:tid 140102187566848] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOlBMjkAAABM"]
[Sun May 14 08:54:28.784743 2017] [:error] [pid 59460:tid 140102177076992] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOhE1NIAAAAN"]
[Sun May 14 08:54:29.224696 2017] [:error] [pid 59460:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThUg02ugAAOhE1NQAAAAL"]
