The IP address (DE/Germany/) was found attacking mod_security on sun.rightdns.com 10 times in the last 3600 seconds.

Attached is an X-ARF report (see http://www.x-arf.org/specification.html) and the original log report that triggered this block.

Abuse Contact for 178.162: [abuse@de.leaseweb.com]

The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out derives from the RIR databases and is processed for ease of use. If you want to change or report non-working abuse contacts, please contact the appropriate RIR. If you have any further questions, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

https://abusix.com/global-reporting/abuse-contact-db

abusix.com is neither responsible nor liable for the content or accuracy of this message.



[Sun May 14 08:52:53.260483 2017] [:error] [pid 59713:tid 140102082668288] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJUg02ugAAOlBMEAAAABW"]
[Sun May 14 08:52:54.522113 2017] [:error] [pid 59460:tid 140102114137856] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJkg02ugAAOhE0zwAAAAT"]
[Sun May 14 08:52:55.788939 2017] [:error] [pid 59713:tid 140102061688576] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJ0g02ugAAOlBMFsAAABY"]
[Sun May 14 08:52:57.041334 2017] [:error] [pid 59713:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTKUg02ugAAOlBMGMAAABL"]
[Sun May 14 08:54:27.188427 2017] [:error] [pid 59713:tid 140102145607424] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMi4AAABQ"]
[Sun May 14 08:54:27.615011 2017] [:error] [pid 59713:tid 140102390085376] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjMAAABA"]
[Sun May 14 08:54:27.986829 2017] [:error] [pid 59713:tid 140102260995840] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjYAAABF"]
[Sun May 14 08:54:28.390638 2017] [:error] [pid 59713:tid 140102187566848] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOlBMjkAAABM"]
[Sun May 14 08:54:28.784743 2017] [:error] [pid 59460:tid 140102177076992] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOhE1NIAAAAN"]
[Sun May 14 08:54:29.224696 2017] [:error] [pid 59460:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThUg02ugAAOhE1NQAAAAL"]
