The IP address (DE/Germany/) was found attacking mod_security on sun.rightdns.com 10 times in the last 3600 seconds.

 

Attached is an X-ARF report (see http://www.x-arf.org/specification.html) and the original log report that triggered this block.

 

Abuse Contact for 178.162: [abuse@de.leaseweb.com]

 

The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out derives from the RIR databases and is processed for ease of use. If you want to change or report non-working abuse contacts, please contact the appropriate RIR. If you have any further questions, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

 

https://abusix.com/global-reporting/abuse-contact-db

 

abusix.com is neither responsible nor liable for the content or accuracy of this message.



[Sun May 14 08:52:53.260483 2017] [:error] [pid 59713:tid 140102082668288] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJUg02ugAAOlBMEAAAABW"]
[Sun May 14 08:52:54.522113 2017] [:error] [pid 59460:tid 140102114137856] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJkg02ugAAOhE0zwAAAAT"]
[Sun May 14 08:52:55.788939 2017] [:error] [pid 59713:tid 140102061688576] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJ0g02ugAAOlBMFsAAABY"]
[Sun May 14 08:52:57.041334 2017] [:error] [pid 59713:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTKUg02ugAAOlBMGMAAABL"]
[Sun May 14 08:54:27.188427 2017] [:error] [pid 59713:tid 140102145607424] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMi4AAABQ"]
[Sun May 14 08:54:27.615011 2017] [:error] [pid 59713:tid 140102390085376] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjMAAABA"]
[Sun May 14 08:54:27.986829 2017] [:error] [pid 59713:tid 140102260995840] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjYAAABF"]
[Sun May 14 08:54:28.390638 2017] [:error] [pid 59713:tid 140102187566848] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOlBMjkAAABM"]
[Sun May 14 08:54:28.784743 2017] [:error] [pid 59460:tid 140102177076992] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOhE1NIAAAAN"]
[Sun May 14 08:54:29.224696 2017] [:error] [pid 59460:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThUg02ugAAOhE1NQAAAAL"]
