Started on: Nov 04 22:15:18
And stopped on: Nov 04 22:29:11
Code: Select all
[Sun Nov 04 22:29:11.350609 2018] [:error] [pid 1508:tid 140497270560512] [client 94.103.9.30:43690] [client 94.103.9.30] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "69"] [id "33340016"] [rev "32"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Possible SQL injection attempt detected"] [data "union all select null,null,null,null,null,null,null,null,null,null#"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:(?:select|grant|delete|drop|alter|replace|truncate|create|rename|describe)[[:space:]]+[a-z|0-9|\\\\*|\\\\,]+[[:space:]]+(?:into|table|database|index|view)[[:space:]]+[a-z|0-9|\\\\*| |\\\\,]|\\\\bunion\\\\b.{1,256}?select.{1,256}[a-z0-9].{1,256}(?:from|#|, ?[0-9 ..." at ARGS:f. [hostname "www.allerleidierenforum.eu"] [uri "/viewforum.php"] [unique_id "W99kp7u4GpLuEDsqQ2z8CgAAAMA"]
I see that address was already reported for SQL attacks.
https://www.abuseipdb.com/check/94.103.9.30