The IP address (DE/Germany/) was found attacking mod_security on sun.rightdns.com 10 times in the last 3600 seconds.

 

Attached is an X-ARF report (see http://www.x-arf.org/specification.html) and the original log report that triggered this block.

 

Abuse Contact for 178.162: [abuse@de.leaseweb.com]

 

The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out derives from the RIR databases and is processed for ease of use. If you want to change or report non-working abuse contacts, please contact the appropriate RIR. If you have any further questions, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

https://abusix.com/global-reporting/abuse-contact-db

 

abusix.com is neither responsible nor liable for the content or accuracy of this message.



[Sun May 14 08:52:53.260483 2017] [:error] [pid 59713:tid 140102082668288] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJUg02ugAAOlBMEAAAABW"]
[Sun May 14 08:52:54.522113 2017] [:error] [pid 59460:tid 140102114137856] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJkg02ugAAOhE0zwAAAAT"]
[Sun May 14 08:52:55.788939 2017] [:error] [pid 59713:tid 140102061688576] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTJ0g02ugAAOlBMFsAAABY"]
[Sun May 14 08:52:57.041334 2017] [:error] [pid 59713:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTKUg02ugAAOlBMGMAAABL"]
[Sun May 14 08:54:27.188427 2017] [:error] [pid 59713:tid 140102145607424] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMi4AAABQ"]
[Sun May 14 08:54:27.615011 2017] [:error] [pid 59713:tid 140102390085376] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjMAAABA"]
[Sun May 14 08:54:27.986829 2017] [:error] [pid 59713:tid 140102260995840] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhTg0g02ugAAOlBMjYAAABF"]
[Sun May 14 08:54:28.390638 2017] [:error] [pid 59713:tid 140102187566848] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOlBMjkAAABM"]
[Sun May 14 08:54:28.784743 2017] [:error] [pid 59460:tid 140102177076992] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThEg02ugAAOhE1NIAAAAN"]
[Sun May 14 08:54:29.224696 2017] [:error] [pid 59460:tid 140102198056704] [client 178.162.x.x] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\\\'.*(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)|and.*char\\\\(.*\\\\)" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "257"] [id "380015"] [rev "1"] [msg "Generic SQL metacharacter URI injection protection"] [severity "CRITICAL"] [hostname "jharkhandbihar.com"] [uri "/productdetails.php"] [unique_id "WRhThUg02ugAAOhE1NQAAAAL"]
